[Fedora-directory-users] Recover directory database files when disk fills up!
by Howard Wilkinson
We had the disk with the directory database files fill up overnight, a
rogue process :-[
Now the directory server will not start; I get the following reported in
the system logs.
Jul 29 09:44:50 bastion ns-slapd: auxpropfunc error invalid parameter supplied
Jul 29 09:44:50 bastion ns-slapd: sql_select option missing
Jul 29 09:44:50 bastion ns-slapd: auxpropfunc error no mechanism available
What can I do to recover the database so that I can start the server?
14 years, 10 months
[Fedora-directory-users] email clients
by Malcolm Amir Hussain-Gambles
Just wondering what email clients people use for address books.
I've tried evolution, but it seems completely unstable for ldap, I've
had no choice but to revert to people using thunderbird. (this is the
fc9 version)
Thunderbird is stable but lacks features.
Claws is probably the best, but doesn't have that corporate feel like
evolution.
Are most people using outlook?
Cheers,
Malcolm
15 years
[Fedora-directory-users] questions about 2 node multi-master setup
by Luke Schierer
Hi,
I just set up Fedora Directory Server on two nodes, and have set up
multi-master replication between them following the directions at
http://directory.fedoraproject.org/wiki/Howto:WalkthroughMultimasterSSL
It seems to mostly work, but I have a few questions.
1) After initializing nodeB and restarting nodes A and B, I can no
longer connect to nodeB with the Console application. If I type in
its hostname, it connects, but I can only open up the slapd directory
if nodeA is up. I can continue to log into nodes authenticating
against the pair, and I can use the command line utilities to connect to
nodeB. Any ideas what I might be doing wrong?
2) If I change a password (using the passwd command on a client) while
nodeA is down, or add a user with ldapmodify while nodeA is down, the
change does not seem to replicate back to nodeA after it comes back
up. Do I have to force an initialization in such cases?
Thanks,
Luke
15 years
[Fedora-directory-users] ACI help
by Craig White
I have users personal address books as an ou under their accounts...
ou=AddressBook,uid=craig,ou=People,ou=Accounts,dc=example,dc=com
but when I try to add an entry, I am blocked...
[28/Aug/2008:12:42:11 -0700] conn=18613 op=1 ADD dn="cn=Test,ou=AddressBook,uid=craig,ou=People,ou=Accounts,dc=example,dc=com"
[28/Aug/2008:12:42:11 -0700] conn=18613 op=1 RESULT err=50 tag=105 nentries=0 etime=0
I need an ACI that allows each uid account to read/write entries in OUs
under their own accounts, and the only ACIs I have are the ones
inherited.
Craig
15 years
[Fedora-directory-users] Access control and best practices etc ...
by Richard Sharpe
Hi,
I have set up Fedora Directory Services (albeit, on CentOS 5.2).
Then I set up some PosixAccounts and they all work.
Then I wanted to add the sambaSamAccount attribute using the
smbldap-usermod tool from the Idealx site, but I keep getting told
that I don't have 'write' privilege to add the attribute for the user
I selected.
Now, I set up the binddn as cn=Directory Manager and specified the
correct password.
What is going wrong?
Secondly, I suspect that using the Directory Manager is not a good
idea. Are there any links to documentation on best practice for this?
15 years
[Fedora-directory-users] Business Case: Advantage Opensource Directory VS Active Directory
by cobra@cobradevil.org
Hello all,
I have a question why I should use an opensource directory server for my
opensource activities!
I work for a large company! 70k users
We have a large MS Windows based infrastructure win2k3 with winxp
workstations.
For our open source servers and workstations we thought to get an
Opensource Directory server because of the specific options that Active
Directory cannot deliver.
But now I get a lot of people who say that Active Directory can do all of it!
Can someone help me with getting the right arguments so I have a valid
reason to create an opensource directory server?
The things I wanna administer are:
Sudoldap
Freeipa based authentication/dns
application management
and probably a lot more!
Please let me know!
With kind regards,
William van de Velde
15 years, 1 month
[Fedora-directory-users] Replication Errors after disabling and enabling replication
by Hendry, Chris
Using Fedora DS 1.0.4-1
I had multimaster replication working for some time for two servers.
I wanted to make some changes so I disabled replication on one server,
then configured it again, with the same values, but now it does not work
at all.
I get the following error message when starting up:
[27/Aug/2008:12:04:56 -0400] - Fedora-Directory/1.0.4 B2006.312.1539 starting up
[27/Aug/2008:12:04:56 -0400] NSMMReplicationPlugin - repl_set_mtn_referrals: could not set referrals for replica dc=xxxx,dc=xxx: 1
[27/Aug/2008:12:04:56 -0400] - slapd started. Listening on All Interfaces port 389 for LDAP requests
I have read some info on the web about this, but have not found what I need
to clean things up to get it up and running again. Any ideas?
Chris
15 years, 1 month
[Fedora-directory-users] Directory server password security
by UMESH PANWAR
Hi,
We are using Fedora Directory server 7.1 for authentication of users, mail accounts and proxy authentication. Yesterday I observed that passwords go in plain text and anyone can easily retrieve the actual user name and password using a software named cain.
Can anybody suggest how I can secure users' passwords so that the password travels in encrypted form?
I am new to fedora-ds so please explain it to me in detail.
Regards
Umesh
Umesh Panwar
+91-9829857475
15 years, 1 month
[Fedora-directory-users] SSL communication between AD and DS
by Mister Anonyme
Hi,
This is driving me crazy....
I'm trying to setup a SSL communication between Directory Server and AD.
Without SSL, the synchronization works very well, I can see all user accounts in DS, but I need SSL to be able to synchronize the passwords as well.
So, here is what I did:
On AD, I opened IE at the following address:
http://localhost/certsrv/
I requested a new certificate and installed it. I can see the new certificate in MMC console, in Certificate->Personal->Certificates.
After, I exported the CA Certificate from DS like this:
pk12util -d . -o CAcert.pfx -n CAcert
I transferred the file to AD and imported it right here:
MMC Console->Certificate->Trusted Root Certification Authorities->Certificates
Then, I exported the CA Certificate (from AD) from the same directory as above and imported in DS with the DS Console (section Manage Certificates->CA Certs)
I tested the communication by doing this:
/usr/lib/mozldap6/ldapsearch -Z -P /etc/dirsrv/slapd-myinst/cert8.db -h 1.1.1.1 -p 636 -D "cn=Windows Sync,cn=users,dc=domain,dc=local" -w _PASS_ -s sub -b "ou=users,dc=domain,dc=local" "(objectClass=*)"
Works well, I have a listing of user accounts.
Then, I re-created a new Windows Sync agreement (with SSL and port 636) and I'm always getting the following error:
The consumer initialization has unsuccessfully completed.
The error received by the replica is: 48 - LDAP error: Inappropriate authentication
Thank you for your help in advance.
15 years, 1 month