IP change for FDS
by Sebastian Tabarce
We will have to change the IP address of our FD server since we will reorganize our network. Is there any trouble to be expected because of the IP change? We will not change the domain name, only the IP address.
Thanks,
Sebastian
14 years, 11 months
cmd line for changing password encryption
by vu pham
Using the GUI-tool Directory console, I can change the password
encryption from SSHA to other methods such as CRYPT.
How can I do it with the command line ?
Thanks,
Vu
14 years, 11 months
FDS Groups
by Jason Brown
I am having an issue with the groups that I set up on FDS. On a few servers
the groups show up just fine however on other servers they do not show up at
all. For instance, user1 logs in and types 'groups' or 'id' and their
primary group along with the supplementary groups show up. However, if
user1 logs into a different server only their primary group shows up. Both
servers have the exact same ldap.conf and there is only one FDS in which
they use.
14 years, 11 months
cert and key database failure
by Emmanuel BILLOT
Hi,
The cert.db and key.db file seems to be corrupted.
In GUI, we can see 3 certificates, one is cloned, one is valid. The
"detail" option does not work on the cloned one, whith a failure message.
We tried to manipulate db with certutil :
certutil -L -d ......
Certificate Name Trust
Attributes
server-cert u,,
IRDNEW u,pu,u
IRDNEW u,pu,u
IRD - IRD CT,,
p Valid peer
P Trusted peer (implies p)
c Valid CA
T Trusted CA to issue client certs (implies c)
C Trusted CA to certs(only server certs for ssl) (implies c)
u User cert
w Send warning
We tried to delete the cloned one but, here is an new error message :
certutil: could not find certificate named "IRDNEW": security library:
bad database.
What is the pb ?
BR,
--
==========================================
Emmanuel BILLOT
IRD - Orléans
Délégation aux Systèmes d'Information (DSI)
tél : 02 38 49 95 88
==========================================
14 years, 11 months
Re: [389-users] Replication failure
by Emmanuel BILLOT
Emmanuel BILLOT a écrit :
> Hi,
>
> There is a strange behaviour on our FDS servers...
> We want to replicate a 12000 entries database between 2 FDS. At the
> replication agrement end, we 've got an "Unwilling to perform" with "
> [13/May/2009:00:19:56 +0200] NS7bitAttr - ADD begin
> [13/May/2009:00:19:56 +0200] NS7bitAttr - ADD
> target=cn=t,cn=replica,cn=dc=ird\,dc=fr,cn=mapping tree,cn=config
> [13/May/2009:00:19:56 +0200] NSMMReplicationPlugin -
> agmtlist_add_callback: Can't start agreement
> "cn=t,cn=replica,cn=dc=ird\,dc=fr,cn=mapping tree,cn=config"
> "
> in the log...
>
> When the datablase is empty, the replication agrement creation works !!!
>
> How is it possible ?
>
Correction, even if the db is empty it fails.
How can i have other detailled logs ? Level is "replication" now.
--
==========================================
Emmanuel BILLOT
IRD - Orléans
Délégation aux Systèmes d'Information (DSI)
tél : 02 38 49 95 88
==========================================
14 years, 11 months
FDS cert check
by Emmanuel BILLOT
Hi,
I posted a question few weeks ago about cert recognizing when
replication begions. Indeed it seems that FDS works on SSL when
replicationg with "fake certs".
Ex : ldap1 replicates with ldap2 on 636 with SSL. Actually the cert used
by ldap2 to encrypt data must contain the ldap2 DNS name. However,
replication works even if the DNS name containes in the cert does not
corresond with the host.
THis particular feature is also present on S1DS. So i thought there is a
mistake in our configuration...
Is the any option that enforce DNS check on replication. ?
BR,
--
==========================================
Emmanuel BILLOT
IRD - Orléans
Délégation aux Systèmes d'Information (DSI)
tél : 02 38 49 95 88
==========================================
14 years, 11 months
Re: [389-users] Changed hostname of machine. FDS Admin Server FAILS to start: Could not reliably determine the server's fully qualified domain name
by Per Qvindesland
Check your /etc/host file and make sure that it says the correct ip
address and hostname
Per
--- Original message follows ---
SUBJECT: [389-users] Changed hostname of machine. FDS Admin Server
FAILS to start: Could not reliably determine the server's fully
qualified domain name
FROM: "David (Dave) Donnan"
TO: "Fedora-directory-users(a)redhat.com"
DATE: 15-05-2009 13:06
Hello everybody and thanks for the continued support. It's
incredible.
I thought I'd be clever and installed my FDS on a machine with a
hostname of localhost.localdomain
When I rename it to it's proper hostname, a.b.c, the admin server
FAILS when I start it:
./dirsrv-admin start
Starting dirsrv-admin:
httpd.worker: apr_sockaddr_info_get() failed for a.b.c
httpd.worker: Could not reliably determine the server's fully
qualified domain name, using 127.0.0.1 for ServerName
[FAILED]
Honestly, I've tried everything I can think of, for example:
- hacking /etc/init.d/dirsrv-admin
- hacking /etc/dirsrv/admin-serv/httpd.conf specifically the
variable: ServerName a.b.c:390
- hacking /usr/sbin/start-ds-admin
...
Q1. Can anyone recommend a solution ?
Thanks, Dave
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
14 years, 11 months
Changed hostname of machine. FDS Admin Server FAILS to start: Could not reliably determine the server's fully qualified domain name
by David (Dave) Donnan
Hello everybody and thanks for the continued support. It's incredible.
I thought I'd be clever and installed my FDS on a machine with a
hostname of localhost.localdomain
When I rename it to it's proper hostname, a.b.c, the admin server FAILS
when I start it:
./dirsrv-admin start
Starting dirsrv-admin:
httpd.worker: apr_sockaddr_info_get() failed for a.b.c
httpd.worker: Could not reliably determine the server's fully
qualified domain name, using 127.0.0.1 for ServerName
[FAILED]
Honestly, I've tried everything I can think of, for example:
- hacking /etc/init.d/dirsrv-admin
- hacking /etc/dirsrv/admin-serv/httpd.conf specifically the variable:
ServerName a.b.c:390
- hacking /usr/sbin/start-ds-admin
...
Q1. Can anyone recommend a solution ?
Thanks, Dave
14 years, 11 months