Problem browsing LDAP with Outlook
by Chris Bryant
When configuring Microsoft Outlook (not Outlook Express) to access an LDAP directory, there is an option to 'Enable Browsing (requires server support)'. If this option is chosen and the directory server supports it, then you should be able to open the LDAP address book and page up and down through the results. I have been unable to get this working properly with 389 DS.
When I try to browse from Outlook against the 389 DS directory, I am able to see the first page of results perfectly. However, if I move to the next page, only the first object returned will have any attributes included, and all of the rest of the objects in the page will have no attributes. I have a test Perl script that duplicates this functionality as well.
I can get this to work properly with an older version of Netscape Directory Server, and I can get it working with OpenDS. Since 389 DS advertises support for the controls that are required for this to work, just like the other two servers, then I would expect it to work there also.
Has anyone out there gotten this to work with 389 DS? If so, can you share if there was anything special that you needed to do to get this to work? I'm trying to determine if this is a bug in the server, or if I'm just missing something in the configuration.
Thanks,
Chris
USA.NET
2 years, 9 months
Modifying Default Install Location
by Chun Tat David Chu
Hi All,
I really like the original layout of the Fedora Directory Server where all
files are installed in /opt/fedora-ds.
Is there a way to change/configure 389 Directory so all files are installed
in /opt/389-ds or something equivalent?
Thanks!
David
13 years, 4 months
/etc/sudoers VS sudo-objects in directory server
by Kenneth Holter
Hi.
We're working on setting up Red Hat Directory Server (RHDS), and need to
make a decision about whether sudo information should be defined as
sudo-objects in the directory server, or if we should stick to /etc/sudoers.
I've played around with sudo-objects in the directory server, and got it
working. But the way I see it, maintaining sudo information in /etc/sudoers
is much easier than to maintain it in a directory server. In the latter
case, I'd either have to use the GUI, or write scripts/ldif files to make
necessary changes to the sudo setup, and they both seem less intuitive than
to simply edit the /etc/sudoers file.
I'd very much like to hear from others on their thoughts on whether to
maintain sudo information in /etc/sudoers or in the directory server, so
please feel free to post a reply.
Best regards,
Kenneth Holter
13 years, 5 months
Web interface to the user directory console?
by Kenneth Holter
Hi.
We're setting up Red Hat Directory Server v8.1.0, and are able to access the
Directory Server console by issuing the redhat-idm-console script. I can
access the administration module by pointing my web browser to port 9830 on
the LDAP server. But is there a way to get access to the directory server
(i.e. user management and stuff) from a web interface? It would be great to
access the user directory via a web interface, instead of SSH'ing into
the LDAP server and using X forwarding to get the console up and running.
Best regards,
Kenneth Holter
13 years, 5 months
ADS <==> FedoraDS <==> Linux/Unix Clients?
by Ajeet S Raina
I have a certain query regarding the following structure:
Code:
    Active Directory Server
              ||
              ||
    Fedora Directory Server <=> Client(Linux | Fedora | Ubuntu | Solaris | HP)
Let me explain what I want:
1. There is a company Active Directory Server under domain intinfra.com. As of
now there are limited Windows desktop machines under that domain. I have a few
Linux / Unix machines which I want to authenticate through ADS (which are
presently not under ADS). Why? Because every time I need to delete the users
whenever they leave the project. That's cumbersome.
So what I want is to set up Fedora DS (I wonder if we can do that without Fedora
DS). Now I can ads join to Fedora DS (I have administrative privileges for
ADS). What I really want to know is:
If I join Fedora DS to ADS then all employees can log in to the Linux machine
through their login credentials. I don't want that to happen. We have 3000
employees in the intinfra domain but we are only 30 admins. I only want those
30-40 admins to log in, restrictedly. Is it possible to restrict at the Fedora DS
level?
2. Say I joined ADS and Fedora DS, and say after 30 days one of the system admins
left the company. So his name will be removed from ADS. Is it possible that
ADS and Fedora DS are synchronized in such a way that a user whose name gets
deleted in ADS gets deleted from Fedora DS too? Does Fedora DS have the
capability to synchronize to ADS every time?
Please suggest.
13 years, 5 months
Re: [389-users] nscd: nss_ldap: could not search LDAP server - Server is unavailable
by Morris, Patrick
Prashanth Sundaram wrote:
> I have two 389-ds servers with MMR via TLS and client hosts
> authenticating via TLS. I see this error message in all client machines
> in /var/log/messages. It seems nscd is failing at random intervals. Has
> anyone seen this before?
> Dec 29 10:35:35 dmc189 nscd: nss_ldap: could not search LDAP server -
> Server is unavailable
> Dec 29 11:00:21 dmc189 nscd: nss_ldap: could not search LDAP server -
> Server is unavailable
> Dec 29 11:12:15 dmc189 nscd: nss_ldap: could not search LDAP server -
> Server is unavailable
Sure. It can be caused by several things: intermittent connectivity
issues, server malfunctions (the server log's a good place to look for
those), and several other possibilities.
It could also be caused by problems with nss_ldap itself, especially
given the ldap.conf you've provided. What version are you running,
and on which platform?
13 years, 5 months
389-adminutil error
by Prashanth Sundaram
Hi Rich,
I am getting this error when I install 389-adminutil. Any idea which package
gives these dependencies?
[root@ldap02 psundaram]# yum install 389-adminutil
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package 389-adminutil.i386 0:1.1.8-4.el5 set to be updated
--> Processing Dependency: libssl3.so for package: 389-adminutil
--> Processing Dependency: libplc4.so for package: 389-adminutil
--> Processing Dependency: libldap60.so for package: 389-adminutil
--> Processing Dependency: libnss3.so for package: 389-adminutil
--> Processing Dependency: libnss3.so(NSS_3.5) for package: 389-adminutil
--> Processing Dependency: libldif60.so for package: 389-adminutil
--> Processing Dependency: libssl3.so(NSS_3.2) for package: 389-adminutil
--> Processing Dependency: libnspr4.so for package: 389-adminutil
--> Processing Dependency: libnss3.so(NSS_3.2) for package: 389-adminutil
--> Processing Dependency: libprldap60.so for package: 389-adminutil
--> Processing Dependency: libssldap60.so for package: 389-adminutil
---> Package 389-adminutil.x86_64 0:1.1.8-4.el5 set to be updated
--> Running transaction check
---> Package 389-adminutil.i386 0:1.1.8-4.el5 set to be updated
--> Processing Dependency: libldap60.so for package: 389-adminutil
--> Processing Dependency: libldif60.so for package: 389-adminutil
--> Processing Dependency: libprldap60.so for package: 389-adminutil
--> Processing Dependency: libssldap60.so for package: 389-adminutil
---> Package nspr.i386 0:4.7.6-1.el5_4 set to be updated
---> Package nss.i386 0:3.12.3.99.3-1.el5.centos.2 set to be updated
--> Finished Dependency Resolution
389-adminutil-1.1.8-4.el5.i386 from epel has depsolving problems
--> Missing Dependency: libldap60.so is needed by package
389-adminutil-1.1.8-4.el5.i386 (epel)
389-adminutil-1.1.8-4.el5.i386 from epel has depsolving problems
--> Missing Dependency: libssldap60.so is needed by package
389-adminutil-1.1.8-4.el5.i386 (epel)
389-adminutil-1.1.8-4.el5.i386 from epel has depsolving problems
--> Missing Dependency: libldif60.so is needed by package
389-adminutil-1.1.8-4.el5.i386 (epel)
389-adminutil-1.1.8-4.el5.i386 from epel has depsolving problems
--> Missing Dependency: libprldap60.so is needed by package
389-adminutil-1.1.8-4.el5.i386 (epel)
Error: Missing Dependency: libprldap60.so is needed by package
389-adminutil-1.1.8-4.el5.i386 (epel)
Error: Missing Dependency: libssldap60.so is needed by package
389-adminutil-1.1.8-4.el5.i386 (epel)
Error: Missing Dependency: libldap60.so is needed by package
389-adminutil-1.1.8-4.el5.i386 (epel)
Error: Missing Dependency: libldif60.so is needed by package
389-adminutil-1.1.8-4.el5.i386 (epel)
You could try using --skip-broken to work around the problem
You could try running: package-cleanup --problems
package-cleanup --dupes
rpm -Va --nofiles nodigest
-Prashanth
13 years, 5 months
Looking for some advice
by Scott Kaminski
Hello,
I'm trying to set up a simple Kerberos/LDAP solution instead of going down
the NIS route and I haven't had much luck. I have a mix of around 30 CentOS
5 and 4 machines. I want to use 389 as my directory server. Is anyone
aware of a complete howto on how to set this up using 389?
Also I was wondering if someone could clarify the relationship between
Kerberos and LDAP? I've got a functional Kerberos and LDAP server running on
two VMs and I've set up one server as the primary KDC and admin server and
configured it to replicate the Kerberos data. I've set up both machines to
authenticate using Kerberos and to obtain user info using LDAP. How do I
know that I'm actually using LDAP + Kerberos properly?
13 years, 5 months