[Fedora-directory-users] LDIF Documentation
by Gene Poole
I've been examining the Example.ldif file attempting to understand it,
without much success. Where can I find documentation on its format and
content? Or is there a piece of software that will read an existing LDIF
and report on it?
Thanks,
Gene Poole
15 years, 3 months
[Fedora-directory-users] Possible bug in directory server
by Russell Miller
I'm not opening an official bug for this because it's already in Red Hat
support's hands and I'm waiting for them to reproduce it. But I want to see
if anyone else has encountered this too. I've spent a great deal of time
diagnosing this and I want to make sure I'm not barking up the wrong tree
while I wait (the more confident I am that it's a real problem, the more
confident I am thinking about and proposing a fix).
It seems that using the "exop" directive in ldap.conf causes password
changes to be done using the extended operation (referrals don't seem to
work properly in some cases if you don't use exop).
However, it seems that in the directory server code, when you use the
password change exop, it's considered "internal" (because it's a plugin),
and thus a referral is never sent. So if you turn exop on and have a
replicated setup where you are pointing to a slave, the correct referral is
never sent.
Has anyone else encountered this? I can provide details and the results of
my testing that overwhelmingly point to this being a bug in the directory
server.
Thoughts? Am I completely out there and making an ass of myself with
support? ;)
Thanks.
--Russell
15 years, 3 months
[Fedora-directory-users] Re: Fedora-directory-users Digest, Vol 39, Issue 21
by Mike Carroll
Also, keep in mind that the hugest directories...are often small in disk space and easy to do 100% caching in memory. I have a RHDS directory with over 120K users and I have 100% caching enabled...for about 3G of RAM. My response time is usually under 15 mils and the average CPU utilization is only around 4% at its peak.
Also, just from a cost perspective I would say RHDS or Fedora DS is a much much much better bargain than AD. I would only use AD if I was doing a Windows network or using some other Microsoft-centric technology.
----- Original Message ----
From: "fedora-directory-users-request(a)redhat.com" <fedora-directory-users-request(a)redhat.com>
To: fedora-directory-users(a)redhat.com
Sent: Tuesday, August 19, 2008 12:00:08 PM
Subject: Fedora-directory-users Digest, Vol 39, Issue 21
Message: 1
Date: Tue, 19 Aug 2008 08:30:25 +0200
From: <ben.van.veen(a)planet.nl>
Subject: RE: [Fedora-directory-users] Business Case: Advantage
OpensourceDirectory VS Active Directory
To: "General discussion list for the Fedora Directory server project."
<fedora-directory-users(a)redhat.com>
Hi William,
One of the things you need to address is the performance / speed of authentication. Can your (AD) server forest handle the amount of this new kind of authentication request besides WINS / DNS etc.?
I have 2 servers (in replica) of Fedora DS (FDS) with over 800k users. This is only for authentication of our website. There is also a read-only replica of the AD on it for internal use. Till now there is no performance issue.
We decided to move to FDS due to the amount of external users. We did this only for performance. AD could do it as well.
Ben.
________________________________
From: fedora-directory-users-bounces(a)redhat.com on behalf of cobra(a)cobradevil.org
Sent: Mon 18-8-2008 16:09
To: fedora-directory-users(a)redhat.com
Subject: [Fedora-directory-users] Business Case: Advantage OpensourceDirectory VS Active Directory
Hello all,
I have a question why I should use an open source directory server for my
open source activities!
I work for a large company! 70k users
We have a large MS Windows based infrastructure win2k3 with winxp
workstations.
For our open source servers and workstations we thought to get an
Opensource Directory server because of the specific options that Active
Directory cannot deliver.
But now I get a lot of people who say that Active Directory can do all of it!
Can someone help me with getting the right arguments so I have a valid
reason to create an open source directory server?
The things I want to administer are:
Sudoldap
Freeipa based authentication/dns
application management
and probably a lot more!
Please let me know!
With kind regards,
William van de Velde
15 years, 3 months
Re: [Fedora-directory-users] Problem with the synchronization agreement
by ken oh
Hi,
I'm back from my vacation.
I synced the clock on Fedora and Windows 2003 Server.
When I use ldapsearch from the command line to bind and search the AD
from Fedora on port 389, I still have the same result:
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
I also used ldp.exe from the Windows 2003 server to test the connection between the 2 servers and I got this message:
ld = cldap_open("servertest.tc.iut", 389);
Established connection to servertest.tc.iut.
Retrieving base DSA information...
Server error: <empty>
Error<94>: ldap_parse_result failed: No result present in message
Getting 0 entries:
So my problem comes from something else. For information, I'm using Fedora 9 under VMware Workstation. Maybe the problem comes from there.
Or I've thought that the problem comes perhaps from a badly configured file.
Thanks
Date: Fri, 25 Jul 2008 14:52:57 +0530
Hi,
While creating the sync agreement, don't check the Enable SSL option; it
will work. Also check that your certificates are proper on both the
Windows and Linux directory servers. Make sure the CLOCK is in sync on both
Windows and Linux.
Regards,
pradeep
On 7/25/08, ken oh <kenoh23 yahoo fr> wrote:
> Thanks for your help
>
> I tried your command with the right hostname "anubis" (and not anubix) using
> the sync and next the admin account in the command line and I get this
> result for both accounts :
> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
>
> I don't know if this info can help but my ad server is in native mode.
>
From: Rich Megginson <rmeggins redhat com>
To: kenoh23 yahoo fr, "General discussion list for the Fedora Directory server project." <fedora-directory-users redhat com>
Subject: Re: [Fedora-directory-users] Problem with the synchronization agreement
Date: Thu, 24 Jul 2008 08:39:59 -0600
ken oh wrote:
> Hi everybody,
> I'm at the Windows Sync Server Info screen, I have completed all the
> fields. And when I click next, I got the message "Unable to contact
> Active Directory server, continue ?" using the ssl connection or not.
> From each side, I ping and I use a nslookup command to verify if the
> domain name is correct; and everything is ok.
> So I would like to know if someone can help me with what goes wrong,
> thanks.
Try using ldapsearch from the command line to bind and search the AD
from your linux box:
ldapsearch -x -h anubix -p 389 -D
"cn=sync,cn=users,dc=tc-gea,dc=iut,dc=univ-metz,dc=fr" -w password -s
base -b "cn=users,dc=tc-gea,dc=iut,dc=univ-metz,dc=fr" "(objectclass=*)"
Try 389 first to see if ldap is working - you'll have to do some
additional configuration to get SSL working with ldapsearch.
I'm assuming you've done all of the SSL setup correctly -
http://directory.fedoraproject.org/wiki/Howto:WindowsSync and
http://directory.fedoraproject.org/wiki/Howto:SSL
> This is my Windows Sync Server Info screen, if that can help :
> http://img291.imageshack.us/img291/4323/sync2ur5.jpg
15 years, 3 months
[Fedora-directory-users] FDS and Active directory Sync
by Vipul Ramani
Hi All,
I am trying to sync FDS and ADC. I have done everything from
http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Windows_Sync-Configu...
But somehow it does not work ....
I am getting errors in the FDS error log...
5/May/2008:07:45:42 -0400] - SSL alert:
ldap_sasl_bind("",LDAP_SASL_EXTERNAL) 81 (Netscape Portable Runtime error
-5938 - Encountered end of file.)
[15/May/2008:07:46:30 -0400] - SSL alert:
ldap_sasl_bind("",LDAP_SASL_EXTERNAL) 81 (Netscape Portable Runtime error
-5938 - Encountered end of file.)
[15/May/2008:07:48:06 -0400] - SSL alert:
ldap_sasl_bind("",LDAP_SASL_EXTERNAL) 81 (Netscape Portable Runtime error
-5938 - Encountered end of file.)
[15/May/2008:07:51:18 -0400] - SSL alert:
ldap_sasl_bind("",LDAP_SASL_EXTERNAL) 81 (Netscape Portable Runtime error
-5938 - Encountered end of file.)
[15/May/2008:07:56:18 -0400] - SSL alert:
ldap_sasl_bind("",LDAP_SASL_EXTERNAL) 81 (Netscape Portable Runtime error
-5938 - Encountered end of file.)
[15/May/2008:08:01:18 -0400] - SSL alert:
ldap_sasl_bind("",LDAP_SASL_EXTERNAL) 81 (Netscape Portable Runtime error
-5938 - Encountered end of file.)
from passsync.log
---------------
Ldap bind error in Connect
81:Can't connect to LDAP Server
Can not connect to ldap server in syncPasswords
-------------------------
--
Regards
Vipul Ramani
15 years, 3 months
[Fedora-directory-users] (no subject)
by Mister Anonyme
> Rich Megginson wrote:
>> Mister Anonyme wrote:
>> Hi,
>> I tried to follow the guidelines here:
>> http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Replication...
>> And it doesn't work.
>
>Can you be more specific?
There you go...
SERVER1 is first server, SERVER2 is second server (failover)
========================================
First step (from the doc): Install and configure the first Directory Server instance.
========================================
******
file.inf
******
FullMachineName = SERVER1
AdminDomain = MY DOMAIN NAME
SuiteSpotUserID = nobody
SuiteSpotGroup = nobody
ConfigDirectoryLdapURL = ldap://SERVER1:389/o=NetscapeRoot
ConfigDirectoryAdminID = admin
ConfigDirectoryAdminPwd = MY PASSWORD
[admin]
ServerAdminID = admin
ServerAdminPwd = MY PASSWORD
SysUser = nobody
ServerIpAddress = MY SERVER IP ADDRESS
Port = 9830
[slapd]
InstallLdifFile = suggest
ServerIdentifier = SERVER1
ServerPort = 389
AddOrgEntries = Yes
RootDN = cn=Directory Manager
RootDNPwd = MY DS PASSWORD
SlapdConfigForMC = yes
Suffix = dc=EXAMPLE, dc=NET
UseExistingMC = 0
AddSampleEntries = Yes
ConfigFile = repluser.ldif
ConfigFile = changelog.ldif
ConfigFile = replica.ldif
ConfigFile = replagreement.ldif
***************
repluser.ldif
***************
dn: cn=replication manager,cn=config
objectClass: inetorgperson
objectClass: person
objectClass: top
cn: replication manager
sn: RM
userPassword: MY ENCRYPTED PASSWORD
passwordExpirationTime: 20380119031407Z
****************
changelog.ldif
****************
dn: cn=changelog5,cn=config
objectclass: top
objectclass: extensibleObject
cn: changelog5
nsslapd-changelogdir: /var/lib/dirsrv/slapd-MYINSTANCE/changelogdb
************
replica.ldif
*************
dn: cn=replica,cn="o=NetscapeRoot",cn=mapping tree,cn=config
objectclass: top
objectclass: nsds5replica
objectclass: extensibleObject
cn: replica
nsds5replicaroot: o=NetscapeRoot
nsds5replicaid: 1
nsds5replicatype: 3
nsds5flags: 1
nsds5ReplicaPurgeDelay: 604800
nsds5ReplicaBindDN: cn=replication manager,cn=config
******************
replagreement.ldif
******************
dn: cn=replication_netscaperoot,cn=replica,cn="o=Netscaperoot",cn=mapping
tree,cn=config
objectclass: top
objectclass: nsds5replicationagreement
cn: replication_netscaperoot
nsds5replicahost: SECONDARY LDAP SERVER HOSTNAME
nsds5replicaport: 389
nsds5ReplicaBindDN: cn=replication manager
nsds5replicabindmethod: SIMPLE
nsds5replicaroot: o=Netscaperoot
description: replication netscaperoot
nsds5replicacredentials: ENCRYPTEDPASSWORD
nsds5BeginReplicaRefresh: start
I run this command:
# /usr/sbin/setup-ds-admin -s -f file.inf
Here's the log:
[...]
+Processing repluser.ldif ...
+++check_and_add_entry: Entry not found cn=replication manager,cn=config error No such object
+Entry cn=replication manager,cn=config is added
+Processing changelog.ldif ...
+++check_and_add_entry: Entry not found cn=changelog5,cn=config error No such object
+Entry cn=changelog5,cn=config is added
+Processing replica.ldif ...
+++check_and_add_entry: Entry not found cn=replica,cn="o=NetscapeRoot",cn=mapping tree,cn=config error No such object
+ERROR: adding an entry cn=replica,cn="o=NetscapeRoot",cn=mapping tree,cn=config failed, error: No such object
dn: cn=replica,cn="o=NetscapeRoot",cn=mapping tree,cn=config
objectclass: top
objectclass: nsds5replica
objectclass: extensibleObject
cn: replica
nsds5replicaroot: o=NetscapeRoot
nsds5replicaid: 1
nsds5replicatype: 3
nsds5flags: 1
nsds5replicapurgedelay: 604800
nsds5replicabinddn: cn=replication manager,cn=config
+ERROR: There was an error processing entry cn=replica,cn="o=NetscapeRoot",cn=mapping tree,cn=config
+Cannot continue processing entries.
So, I created another file (the documentation didn't mention this so I don't know if it's the 'good' procedure...):
*************
replica_1.ldif
*************
dn: cn="o=NetscapeRoot",cn=mapping tree,cn=config
objectclass: top
objectclass: nsMappingTree
objectclass: extensibleObject
cn: "o=NetscapeRoot"
I added just before the replica.ldif in the "file.inf", [slapd] section.
Then:
# /usr/sbin/setup-ds-admin -s -f file.inf
It works well until...:
[...]
+[13/Aug/2008:15:07:17 -0400] NSMMReplicationPlugin - _replica_configure_ruv: replication broken for entry (o=NetscapeRoot); LDAP error - 1
+[13/Aug/2008:15:07:17 -0400] NSMMReplicationPlugin - Unable to configure replica o=NetscapeRoot:
+[13/Aug/2008:15:07:17 -0400] - slapd started. Listening on All Interfaces port 389 for LDAP requests
+Your new directory server has been started.
Your new DS instance 'INSTANCENAME' was successfully created.
Creating the configuration directory server . . .
The suffix 'o=NetscapeRoot' already exists. Config entry DN 'cn="o=NetscapeRoot",cn=mapping tree,cn=config'.
Failed to create the configuration directory server
Exiting . . .
So, it won't process LDIF files that I created according to the documentation, but if I force the creation of NetscapeRoot so the replica.ldif can be processed, it won't continue because it already exists...
Great...
I removed replica_1.ldif, replica.ldif, replagreement.ldif from file.inf and ran this again:
# /usr/sbin/setup-ds-admin -s -f file.inf
[...]
The admin server was successfully started.
Admin server was successfully created, configured, and started.
Then, I manually created a replica and a replica agreement:
/usr/lib/mozldap6/ldapmodify -cvD "cn=Directory manager" -w PASSWD < replica.ldif
/usr/lib/mozldap6/ldapmodify -cvD "cn=Directory manager" -w PASSWD < replagreement.ldif
It went with success.
Now, step 2 from the doc...
The inf file of the second server:
******
file.inf
******
[General]
AdminDomain = EXAMPLE.DOMAIN
SuiteSpotGroup = nobody
ConfigDirectoryLdapURL = ldap://SERVER1 (or SERVER2, doesn't matter, it fails).nl.rsft.net:389/o=NetscapeRoot
ConfigDirectoryAdminID = admin
FullMachineName = SERVER2
SuiteSpotUserID = nobody
ConfigDirectoryAdminPwd = PASS
[admin]
ServerAdminID = admin
ServerAdminPwd = PASS
SysUser = nobody
Port = 9830
[slapd]
InstallLdifFile = suggest
ServerIdentifier = SERVER2
ServerPort = 389
AddOrgEntries = Yes
RootDN = cn=Directory Manager
RootDNPwd = SERVER2
Suffix = dc=EXAMPLE,dc=DOMAIN
UseExistingMC = 0
AddSampleEntries = No
ConfigFile = netscaperootdb.ldif
ConfigFile = repluser.ldif
ConfigFile = changelog.ldif
ConfigFile = replica.ldif
ConfigFile = replagreement.ldif
I won't show repluser.ldif, changelog.ldif, replica.ldif and replagreement.ldif, they are the same as above, except for netscaperootdb.ldif:
******************
netscaperootdb.ldif
******************
dn: cn="o=netscaperoot",cn=mapping tree,cn=config
objectclass: top
objectclass: extensibleObject
objectclass: nsMappingTree
nsslapd-state: backend
nsslapd-backend: NetscapeRoot
cn: o=NetscapeRoot
I ran the script:
# /usr/sbin/setup-ds.pl -s -f file.inf
There's no error until...
[...]
+importing data ...
[13/Aug/2008:15:30:35 -0400] - dblayer_instance_start: pagesize: 4096, pages: 258922, procpages: 6198
[13/Aug/2008:15:30:35 -0400] - cache autosizing: import cache: 204800k
[13/Aug/2008:15:30:35 -0400] - li_import_cache_autosize: 50, import_pages: 51200, pagesize: 4096
[13/Aug/2008:15:30:35 -0400] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database
[13/Aug/2008:15:30:35 -0400] - dblayer_instance_start: pagesize: 4096, pages: 258922, procpages: 6198
[13/Aug/2008:15:30:35 -0400] - cache autosizing: import cache: 204800k
[13/Aug/2008:15:30:35 -0400] - li_import_cache_autosize: 50, import_pages: 51200, pagesize: 4096
[13/Aug/2008:15:30:36 -0400] - import userRoot: Beginning import job...
[13/Aug/2008:15:30:36 -0400] - import userRoot: Index buffering enabled with bucket size 100
[13/Aug/2008:15:30:36 -0400] - import userRoot: Processing file "/tmp/ldifBTMcP9.ldif"
[13/Aug/2008:15:30:36 -0400] - import userRoot: Finished scanning file "/tmp/ldifBTMcP9.ldif" (9 entries)
[13/Aug/2008:15:30:37 -0400] - import userRoot: Workers finished; cleaning up...
[13/Aug/2008:15:30:37 -0400] - import userRoot: Workers cleaned up.
[13/Aug/2008:15:30:37 -0400] - import userRoot: Cleaning up producer thread...
[13/Aug/2008:15:30:37 -0400] - import userRoot: Indexing complete. Post-processing...
[13/Aug/2008:15:30:37 -0400] - import userRoot: Flushing caches...
[13/Aug/2008:15:30:37 -0400] - import userRoot: Closing files...
[13/Aug/2008:15:30:37 -0400] - All database threads now stopped
[13/Aug/2008:15:30:37 -0400] - import userRoot: Import complete. Processed 9 entries in 1 seconds. (9.00 entries/sec)
+Starting the server: /usr/lib/dirsrv/slapd-myinstance/start-slapd
+Started the server: code 256
Server failed to start !!! Please check errors log for problems
+ Red Hat-Directory/8.0.0 B2007.353.1757
+ server2:389 (/etc/dirsrv/slapd-myinstance)
+
+[13/Aug/2008:15:30:35 -0400] - dblayer_instance_start: pagesize: 4096, pages: 258922, procpages: 6198
+[13/Aug/2008:15:30:35 -0400] - cache autosizing: import cache: 204800k
+[13/Aug/2008:15:30:35 -0400] - li_import_cache_autosize: 50, import_pages: 51200, pagesize: 4096
+[13/Aug/2008:15:30:35 -0400] - WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database
+[13/Aug/2008:15:30:35 -0400] - dblayer_instance_start: pagesize: 4096, pages: 258922, procpages: 6198
+[13/Aug/2008:15:30:35 -0400] - cache autosizing: import cache: 204800k
+[13/Aug/2008:15:30:35 -0400] - li_import_cache_autosize: 50, import_pages: 51200, pagesize: 4096
+[13/Aug/2008:15:30:36 -0400] - import userRoot: Beginning import job...
+[13/Aug/2008:15:30:36 -0400] - import userRoot: Index buffering enabled with bucket size 100
+[13/Aug/2008:15:30:36 -0400] - import userRoot: Processing file "/tmp/ldifBTMcP9.ldif"
+[13/Aug/2008:15:30:36 -0400] - import userRoot: Finished scanning file "/tmp/ldifBTMcP9.ldif" (9 entries)
+[13/Aug/2008:15:30:37 -0400] - import userRoot: Workers finished; cleaning up...
+[13/Aug/2008:15:30:37 -0400] - import userRoot: Workers cleaned up.
+[13/Aug/2008:15:30:37 -0400] - import userRoot: Cleaning up producer thread...
+[13/Aug/2008:15:30:37 -0400] - import userRoot: Indexing complete. Post-processing...
+[13/Aug/2008:15:30:37 -0400] - import userRoot: Flushing caches...
+[13/Aug/2008:15:30:37 -0400] - import userRoot: Closing files...
+[13/Aug/2008:15:30:37 -0400] - All database threads now stopped
+[13/Aug/2008:15:30:37 -0400] - import userRoot: Import complete. Processed 9 entries in 1 seconds. (9.00 entries/sec)
+[13/Aug/2008:15starting up
+[13/Aug/2008:15:30:39 -0400] - I'm resizing my cache now...cache was 209715200 and is now 8000000
+[13/Aug/2008:15:30:39 -0400] - Warning: Mapping tree node entry for o=NetscapeRoot point to an unknown backend : NetscapeRoot
+[13/Aug/2008:15:30:40 -0400] - Warning: Mapping tree node entry for o=NetscapeRoot point to an unknown backend : NetscapeRoot
+[13/Aug/2008:15:30:40 -0400] - Warning: Mapping tree node entry for o=NetscapeRoot point to an unknown backend : NetscapeRoot
+[13/Aug/2008:15:30:40 -0400] - Warning: Mapping tree node entry for o=NetscapeRoot point to an unknown backend : NetscapeRoot
+[13/Aug/2008:15:30:40 -0400] - Warning: Mapping tree node entry for o=NetscapeRoot point to an unknown backend : NetscapeRoot
+[13/Aug/2008:15:30:40 -0400] - Warning: Mapping tree node entry for o=NetscapeRoot point to an unknown backend : NetscapeRoot
And it hung. I had to press CTRL-C to get a prompt. Well, maybe it's normal... This server isn't completely installed.
So, step 3 from the doc, I ran it on the SERVER1:
# /usr/lib/mozldap6/ldapmodify -cvD "cn=Directory manager" -w PASSWD
ldapmodify-bin: started Wed Aug 13 15:37:03 2008
ldap_init( localhost, 389 )
dn: cn=ExampleAgreement1,cn=replica,cn="o=NetscapeRoot",cn=mapping tree,cn=config
changetype: modify
replace: nsds5beginreplicarefresh
nsds5beginreplicarefresh: start
replace nsds5beginreplicarefresh:
start
modifying entry cn=ExampleAgreement1,cn=replica,cn="o=NetscapeRoot",cn=mapping tree,cn=config
ldap_modify: No such object
This is when I gave up and decided to create the NetscapeRoot replication directly from the Java console. I mean, I installed two LDAP servers, with the second server using the Configuration Server from the first server.
The replication works very well between the two servers (only if I set it up from the Java console), but when I want to do step 4 from the doc (create local Administration Server), it doesn't work; the script 'register-ds-admin.pl' always fails.
Thank you very much for your help!
15 years, 3 months
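The following is an added example in Python, not code from any post on this list: it reads an LDIF file and reports on it (the kind of tool Gene Poole asks about in the LDIF Documentation post above) and checks that every entry's parent exists before the entry is added, which is what went wrong when replica.ldif was processed before its mapping-tree node in the post above. The sample LDIF is constructed to mirror repluser.ldif and replica.ldif from that post, and the list of entries assumed to pre-exist on a fresh instance is an assumption of the example, not something the post states.

```python
"""LDIF reader plus add-order and cleartext-password checks (added example, not
code from the posts). Parses the RFC 2849 subset seen on this list: folded
lines, '#' comments and 'attr:: base64' values."""
import base64
# Constructed sample modelled on repluser.ldif and replica.ldif from the post;
# the cleartext placeholder password is deliberate so the report flags it.
SAMPLE_LDIF = """\
# replication manager bind identity
dn: cn=replication manager,cn=config
objectClass: inetorgperson
cn: replication manager
userPassword: cleartext-placeholder

dn: cn=replica,cn="o=NetscapeRoot",cn=mapping tree,cn=config
objectclass: nsds5replica
nsds5replicaroot: o=NetscapeRoot
nsds5ReplicaBindDN: cn=replication manager,cn=config
description:: cmVwbGljYQ==
"""
# The mapping-tree node the post later had to add by hand (replica_1.ldif).
MAPPING_TREE_LDIF = """\
dn: cn="o=NetscapeRoot",cn=mapping tree,cn=config
objectclass: nsMappingTree
cn: "o=NetscapeRoot"
"""
# Assumed present on a fresh instance before the ConfigFile LDIFs are applied.
EXISTING_ON_SERVER = ["cn=config", "cn=mapping tree,cn=config"]


def parse_ldif(text):
    """Return [{'dn': str, 'attrs': {lowercase_name: [values]}}] in file order."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:      # folded continuation line
            logical[-1] += raw[1:]
        else:
            logical.append(raw)
    entries, current = [], {"attrs": {}}
    for line in logical + [""]:                  # sentinel flushes the last record
        if line.startswith("#"):
            continue
        if not line.strip():                     # blank line ends a record
            if "dn" in current:
                entries.append(current)
            current = {"attrs": {}}
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed LDIF line: %r" % line)
        name, value = name.strip().lower(), value.strip()
        if value.startswith(":"):                # 'attr:: <base64>'
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        if name == "dn":
            current["dn"] = value
        elif name != "version":                  # skip the optional 'version: 1'
            current["attrs"].setdefault(name, []).append(value)
    return entries


def split_dn(dn):
    """Normalised RDN list; commas inside quotes or after a backslash do not
    split, so cn="o=NetscapeRoot",cn=mapping tree,cn=config yields three RDNs."""
    parts, buf, quoted, escaped = [], "", False, False
    for ch in dn:
        if ch == "," and not quoted and not escaped:
            parts.append(buf)
            buf = ""
            continue
        if ch == '"' and not escaped:
            quoted = not quoted
        escaped = ch == "\\" and not escaped
        buf += ch
    parts.append(buf)
    return [a.strip().lower() + "=" + v.strip().lower()
            for a, _, v in (p.strip().partition("=") for p in parts)]


def check_add_order(entries, existing=()):
    """[(dn, missing_parent)] for entries whose parent is neither already on the
    server nor added earlier in the file; such an add fails with 'No such object'."""
    known = {",".join(split_dn(d)) for d in existing}
    problems = []
    for entry in entries:
        rdns = split_dn(entry["dn"])
        if rdns[1:] and ",".join(rdns[1:]) not in known:
            problems.append((entry["dn"], ",".join(rdns[1:])))
        known.add(",".join(rdns))
    return problems


def cleartext_passwords(entries):
    """DNs whose userPassword has no {SCHEME} prefix, i.e. is stored in the clear."""
    return [e["dn"] for e in entries
            if any(not v.startswith("{") for v in e["attrs"].get("userpassword", []))]
```

Calling check_add_order(parse_ldif(SAMPLE_LDIF), EXISTING_ON_SERVER) returns the replica DN together with its missing parent; prepending parse_ldif(MAPPING_TREE_LDIF), as the post eventually did by hand, clears it.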
[Fedora-directory-users] Problem with referrals
by Russell Miller
I am working on a fairly simple DS system - one master and about 12
replication slaves. I didn't go multimaster because we don't have enough
servers to justify that... but anyway.
We've had a consistent problem for years with password changing - which I'm
trying to fix. It used to be that changing passwords simply didn't work. I
rebuilt the whole infrastructure to refer back to the replication master and
added pam_password exop to the ldap.conf files. Now changing passwords
works... sort of. When changing a password, it prompts for the password and
the new password, and dutifully changes it on the server, gets the referral
back, tries to follow it - and the server says "invalid credentials" and
refuses to do the change. So I end up with our servers out of sync - the
new password on the slave server and the old server still thinking it has
the old password. Obviously that's not acceptable.
I tried exop_send_old, it doesn't do any better. I'm running the latest
version of nss_ldap. Anyone have any suggestions as to why the slave
servers are allowing the credentials but the master isn't?
Thanks,
--Russell
15 years, 3 months
[Fedora-directory-users] FDS on OpenSolaris
by Rob See
Hi,
Painfully, I was able to get FDS compiled and installed on the
latest build of OpenSolaris x86, but I've run into a problem during the
setup process. When the setup script performs the ldif2db, it fails with
a Database Error 2. Here is the complete error log:
[13/Aug/2008:14:40:46 -0400] - Backend Instance: userRoot
[13/Aug/2008:14:40:46 -0400] - dblayer_instance_start: pagesize: 4096,
pages: 393103, procpages: 7245
[13/Aug/2008:14:40:46 -0400] - cache autosizing: import cache: 204800k
[13/Aug/2008:14:40:46 -0400] - li_import_cache_autosize: 50,
import_pages: 51200, pagesize: 4096
[13/Aug/2008:14:40:46 -0400] - WARNING: Import is running with
nsslapd-db-private-import-mem on; No other process is allowed to access
the database
[13/Aug/2008:14:40:46 -0400] - dblayer_instance_start: pagesize: 4096,
pages: 393103, procpages: 7245
[13/Aug/2008:14:40:46 -0400] - cache autosizing: import cache: 204800k
[13/Aug/2008:14:40:46 -0400] - li_import_cache_autosize: 50,
import_pages: 51200, pagesize: 4096
[13/Aug/2008:14:40:47 -0400] - import userRoot: Beginning import job...
[13/Aug/2008:14:40:47 -0400] - import userRoot: Index buffering enabled
with bucket size 100
[13/Aug/2008:14:40:47 -0400] - import userRoot: Processing file
"/tmp/ldifd8ULLD.ldif"
[13/Aug/2008:14:40:47 -0400] - import userRoot: Finished scanning file
"/tmp/ldifd8ULLD.ldif" (9 entries)
[13/Aug/2008:14:40:47 -0400] - database error 2
[13/Aug/2008:14:40:47 -0400] - import userRoot: ERROR: Could not add op
attrs to entry ending at line 17 of file "/tmp/ldifd8ULLD.ldif"
[13/Aug/2008:14:40:47 -0400] - import userRoot: Aborting all import
threads...
[13/Aug/2008:14:40:53 -0400] - import userRoot: Import threads aborted.
[13/Aug/2008:14:40:53 -0400] - import userRoot: Closing files...
[13/Aug/2008:14:40:53 -0400] - libdb: userRoot/id2entry.db4: unable to
flush: No such file or directory
[13/Aug/2008:14:40:53 -0400] - All database threads now stopped
[13/Aug/2008:14:40:53 -0400] - import userRoot: Import failed.
Does anyone know what database error 2 means, and how I might be able to
fix it?
Thanks,
-Rob
15 years, 3 months
[Fedora-directory-users] register-ds-admin.pl
by Mister Anonyme
Hi,
I tried to follow the guidelines here:
http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Replication...
And it doesn't work. So, I did it in another way.
On the first server, I created this inf file:
==================================
[General]
FullMachineName = firstserver.domain
AdminDomain = domain
SuiteSpotUserID = nobody
SuiteSpotGroup = nobody
ConfigDirectoryLdapURL = ldap://firstserver.domain:389/o=NetscapeRoot
ConfigDirectoryAdminID = admin
ConfigDirectoryAdminPwd = pass
[admin]
ServerAdminID = admin
ServerAdminPwd = pass
SysUser = nobody
ServerIpAddress = 1.1.1.1
Port = 9830
[slapd]
InstallLdifFile = suggest
ServerIdentifier = firstserver
ServerPort = 389
AddOrgEntries = Yes
RootDN = cn=Directory Manager
RootDNPwd = pass
SlapdConfigForMC = yes
Suffix = dc=host, dc=domain
UseExistingMC = 0
AddSampleEntries = No
=========================
I ran like this:
# /usr/sbin/setup-ds-admin.pl -s -f file.inf
Then, I configured the replication in the console for the DB NetscapeRoot.
On the second server, I created this inf file:
========
[General]
FullMachineName = secodserver.domain
AdminDomain = domain
SuiteSpotUserID = nobody
SuiteSpotGroup = nobody
ConfigDirectoryLdapURL = ldap://firstserver.domain:389/o=NetscapeRoot
ConfigDirectoryAdminID = admin
ConfigDirectoryAdminPwd = pass
[admin]
ServerAdminID = admin
ServerAdminPwd = pass
SysUser = nobody
ServerIpAddress = 1.1.1.1
Port = 9830
[slapd]
InstallLdifFile = suggest
ServerIdentifier = secodserver
ServerPort = 389
AddOrgEntries = Yes
RootDN = cn=Directory Manager
RootDNPwd = pass
SlapdConfigForMC = yes
Suffix = dc=host, dc=domain
UseExistingMC = 1
AddSampleEntries = No
================
As you can see, I installed the second server but it uses the Administrative Server on the first server.
I created NetscapeRoot database on the second server and I configured the replication.
Until now, it works very well.
When I want to change the second server to use its own Administrative Server, I run this command on the second server:
# /usr/sbin/register-ds-admin.pl
It seems that this server isn't able to clean up its old DS directory and it always asks me to enter the password... I also tried to install the second server without installing the Administrative Server (setup-ds.pl instead of setup-ds-admin.pl) and I still face the same issue, not really the same, but it always asks for the password. I tried the trick of "PTA (Pass Thru Authentication)" and it doesn't fix the issue.
Here's the log:
[root@nlnmlp22 eleblanc]# /usr/sbin/register-ds-admin.pl
Beginning registration of the Directory Server
====================================================================
The Directory Server locates its configuration file (dse.ldif) at /etc/dirsrv/slapd-ID, by default. If you have Directory Server(s) which configuration file is put at the other location, you need to input it to register the server.
If you have such Directory Server, type the full path that stores the configuration file.
If you don't, type return.
[configuration directory path or return]:
====================================================================
Candidate servers to register:
/etc/dirsrv/slapd-nlnmlp22
====================================================================
Do you want to use this server as Configuration Directory Server?
Directory server identifier: nlnmlp22
====================================================================
Cleaning up old Config DS:
====================================================================
Please input the password for the Administrator User uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot:
Error: failed to clean up the configuration info from the old Configuration
Directory Server .
====================================================================
Please input the password for the Administrator User uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot:
Error: failed to clean up the configuration info from the old Configuration
Directory Server .
Thank you very much for your help!
E.
15 years, 3 months