memberOf task problem
by John A. Sullivan III
Hello, all. We are in the process of upgrading from 8.0 to 8.1. We've
hit a few glitches along the way but most has gone well. However, we
wanted to implement the new memberOf functionality. We successfully
added the plugin by editing dse.ldif and enabled it from the console.
However, we've been unsuccessful in having existing group membership
assigned to the memberOf attribute.
We first tried to run fixup-memberOf.pl but the script does not exist.
There is a template.fixup-memberOf.pl but this does not seem to have
been built into a final script.
We then thought we would use the new task feature of the console. We
went to cn=memberof task,cn=tasks,cn=config and tried to create the task
object. There was no nsDirectoryServerTask objectclass. We added an
nstask but then found there was no basedn attribute we could add. We
then created an extensibleobject instead but still no basedn attribute.
Finally, we resorted to ldapmodify (we hesitated just because we are not
very familiar with the command line tools). First, we did:
dn: cn=fixMemberOf,cn=memberof task,cn=tasks,cn=config
changetype: add
objectclass: top
objectclass: extensibleObject
cn: fixMemberOf
basedn: o=Internal,dc=ssiservices,dc=biz
The Internal Organization has several organizations under it (for
various clients) and then user organizational units under those
organizations. Although it generated no errors, it did not seem to
work. Perhaps I just don't know how to test it. However, the following
did not return any memberOf data:
/usr/lib64/mozldap/ldapsearch -b "ou=Users,o=client1,o=Internal,dc=ssiservices,dc=biz" -D "cn=Directory Manager" -w - -h ldap uid=myid memberOf
Doing
/usr/lib64/mozldap/ldapsearch -b "ou=Users,o=client1,o=Internal,dc=ssiservices,dc=biz" -D "cn=Directory Manager" -w - -h ldap uid=myid
showed me plenty of attributes but nothing for memberOf.
I also tried creating the task with a basedn of
ou=Users,o=client1,o=Internal,dc=ssiservices,dc=biz in case it did not
change objects lower in the tree. Still no success.
Finally I tried:
dn: cn=fixMemberOf,cn=memberof task,cn=tasks,cn=config
changetype: add
objectclass: top
objectclass: nsDirectoryServerTask
cn: fixMemberOf
basedn: o=Internal,dc=ssiservices,dc=biz
adding new entry cn=fixMemberOf,cn=memberof task,cn=tasks,cn=config
ldap_add: Object class violation
ldap_add: additional info: unknown object class "nsDirectoryServerTask"
And received the expected unknown object class error.
What are we doing wrong? Are these documentation bugs? Are there
application bugs or do we simply not know what we are doing with tasks
and memberOf? How do we get the memberOf information into our existing
user objects? Thanks - John
--
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan(a)opensourcedevel.com
http://www.spiritualoutreach.com
Making Christianity intelligible to secular society
13 years, 12 months
added schema not showing up in admin console
by Mike Clayton
I am trying to configure bind to talk directly to 389-ds. I have
converted the dnszone.schema file that ships with bind-sdb to ldif
using:
perl ol-schema-migrate.pl -b /etc/openldap/schema/dnszone.schema > /etc/dirsrv/slapd-dc0/schema/61bind-dns.ldif
and restarted the dirsrv service, but I can't seem to find an object
class or anything for dnsZone. I looked in the logs and did not see any
mention of dnsZone. Have I missed something or am I just not looking in
the right places?
Mike
14 years, 1 month
Deleting entries that are not modified recently
by Kimmo Koivisto
Hello
I'm using fedora-ds-1.0.4-1.RHEL4 and I have an application that
creates and modifies entries located in FDS.
The application does not remove old entries, and I cannot change how
the application works.
I would like to delete entries that are not modified recently with
either plain ldapsearch+ldapdelete or using some FDS tools, Perl script
etc.
So, my question is, what is the easiest way to delete entries, for
example older than 3 months?
Regards,
Kimmo
14 years, 2 months
389 unusable on F11?
by Kevin Bowling
Hi,
I have been running FDS/389 on a F11 xen DomU for several months. I use
it as the backend for UNIX username/passwords and also for redMine (a
Ruby on Rails bug tracker) for http://www.gnucapplus.org/.
This VM would regularly lock up every week or so when 389 was still
called FDS. I've since upgraded to 389 by issuing 'yum upgrade' as well
as running the 'setup-...-.pl -u' script and now it barely goes a day
before crashing. When ldap crashes, the whole box basically becomes
unresponsive.
I left the Xen hardware console open to see what was up and the only
thing I could conclude was that 389 was crashing (if I issued a service
start it came back to life). Doing anything like a top or ls will
completely kill the box. Likewise, the logs show nothing at or before
the time of crash. I suspected too few file descriptors but changing
that to a very high number had no impact.
I was about to do a rip and replace with OpenLDAP which I use very
successfully for our corporate systems but figured I ought to see if
anyone here can help or if I can submit any kind of meaningful bug
report first. I assume I will need to run 389's slapd without
daemonizing it and hope it spits something useful out to stderr. Any
advice here would be greatly appreciated, as would any success stories
of using 389 on F11.
I'm not subscribed to the list so please CC.
Regards,
Kevin Bowling
14 years, 2 months
Multiple versions of FDS in the same server
by Juan Asensio Sánchez
Hi
I don't know why, but I have multiple versions of the FDS packages
installed in the same server:
---------------------------------------------------------------------------------------------------------------
[root@XXXXXXXXXXXXXX ~]# rpm -qa | grep fedora | sort
fedora-admin-console-1.1.0-4.fc6
fedora-ds-1.1.0-3.fc6
fedora-ds-1.1.2-1.fc6
fedora-ds-admin-1.1.1-1.fc6
fedora-ds-admin-1.1.2-2.fc6
fedora-ds-admin-console-1.1.2-1.fc9
fedora-ds-admin-debuginfo-1.1.1-1.fc6
fedora-ds-admin-debuginfo-1.1.2-2.fc6
fedora-ds-base-1.1.0-3.fc6
fedora-ds-base-1.1.3-2.fc6
fedora-ds-base-debuginfo-1.1.1-1.fc6
fedora-ds-base-devel-1.1.0-3.fc6
fedora-ds-base-devel-1.1.3-2.fc6
fedora-ds-console-1.1.0-5.fc6
fedora-ds-console-1.1.2-2.fc9
fedora-ds-dsgw-1.1.1-1.fc6
fedora-idm-console-1.1.0-5.fc6
fedora-idm-console-debuginfo-1.1.0-5.fc6
---------------------------------------------------------------------------------------------------------------
How can this be possible? When updating, shouldn't old versions be
removed? What will happen when I try to update to 389DS 1.2?
---------------------------------------------------------------------------------------------------------------
[root@XXXXXXXXXXXXXXXXX yum.repos.d]# yum upgrade 389-ds
Loaded plugins: fastestmirror
Determining fastest mirrors
idmcommon 100% |=========================| 951 B 00:00
dirsrv 100% |=========================| 951 B 00:00
idmcommon-noarch 100% |=========================| 951 B 00:00
dirsrv-noarch 100% |=========================| 951 B 00:00
Setting up Upgrade Process
Resolving Dependencies
--> Running transaction check
---> Package 389-ds.noarch 0:1.1.3-4.el5 set to be updated
--> Processing Dependency: 389-ds-console for package: 389-ds
--> Processing Dependency: 389-ds-console-doc for package: 389-ds
--> Processing Dependency: 389-admin-console-doc for package: 389-ds
--> Processing Dependency: 389-admin for package: 389-ds
--> Processing Dependency: 389-admin-console for package: 389-ds
--> Processing Dependency: 389-dsgw for package: 389-ds
--> Processing Dependency: 389-console for package: 389-ds
--> Processing Dependency: 389-ds-base for package: 389-ds
--> Running transaction check
---> Package 389-console.noarch 0:1.1.3-3.el5 set to be updated
---> Package 389-dsgw.i386 0:1.1.4-1.el5 set to be updated
--> Processing Dependency: fedora-ds-base = 1.1.0-3.fc6 for package: fedora-ds-base-devel
---> Package 389-ds-console.noarch 0:1.2.0-4.el5 set to be updated
---> Package 389-ds-console-doc.noarch 0:1.2.0-4.el5 set to be updated
---> Package 389-ds-base.i386 0:1.2.2-1.el5 set to be updated
--> Processing Dependency: fedora-ds-base = 1.1.3-2.fc6 for package: fedora-ds-base-devel
---> Package 389-admin.i386 0:1.1.8-4.el5 set to be updated
---> Package 389-admin-console.noarch 0:1.1.4-1.el5 set to be updated
---> Package 389-admin-console-doc.noarch 0:1.1.4-1.el5 set to be updated
--> Running transaction check
---> Package 389-ds-base-devel.i386 0:1.2.2-1.el5 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
===============================================================================
 Package                  Arch     Version        Repository          Size
===============================================================================
Installing:
 389-admin                i386     1.1.8-4.el5    dirsrv              368 k
     replacing  fedora-ds-admin.i386 1.1.1-1.fc6
 389-admin-console        noarch   1.1.4-1.el5    dirsrv              201 k
     replacing  fedora-ds-admin-console.noarch 1.1.2-1.fc9
 389-console              noarch   1.1.3-3.el5    idmcommon-noarch     72 k
     replacing  fedora-idm-console.i386 1.1.0-5.fc6
 389-ds                   noarch   1.1.3-4.el5    dirsrv-noarch       8.6 k
     replacing  fedora-ds.i386 1.1.2-1.fc6
 389-ds-base              i386     1.2.2-1.el5    dirsrv-noarch       1.7 M
     replacing  fedora-ds-base.i386 1.1.3-2.fc6
 389-ds-base-devel        i386     1.2.2-1.el5    dirsrv-noarch        57 k
     replacing  fedora-ds-base-devel.i386 1.1.0-3.fc6
 389-ds-console           noarch   1.2.0-4.el5    dirsrv-noarch       1.4 M
     replacing  fedora-ds-console.noarch 1.1.0-5.fc6
 389-dsgw                 i386     1.1.4-1.el5    dirsrv              1.1 M
     replacing  fedora-ds-dsgw.i386 1.1.1-1.fc6
Installing for dependencies:
 389-admin-console-doc    noarch   1.1.4-1.el5    dirsrv               39 k
 389-ds-console-doc       noarch   1.2.0-4.el5    dirsrv               53 k
Transaction Summary
===============================================================================
Install 10 Package(s)
Update 0 Package(s)
Remove 0 Package(s)
Total download size: 4.9 M
---------------------------------------------------------------------------------------------------------------
It won't remove all old versions? I know this is a topic more about
general package management than 389DS, but any help is welcome.
Regards.
14 years, 2 months
Synchronize userPrincipalName
by Emmanuel BILLOT
Hi,
Is it possible to add userPrincipalName as a synchronized attribute
between 389DS and AD? It is the last useful attribute that we need in
our DIT...
BR,
--
==========================================
Emmanuel BILLOT
IRD - Orléans
Délégation aux Systèmes d'Information (DSI)
tél : 02 38 49 95 88
==========================================
14 years, 2 months
authentication proxy
by renuka meher
Hi,
I am working on a project wherein I have to deploy Red Hat's Dogtag
Certificate System in my organisation. I have set up a Fedora Directory
Server on a system. There is an existing Windows Active Directory server.
What I need is as follows:
I need to use LDAP for authentication checks, in read-only mode. A method to
check if the username and password are correct. Something like an authentication
proxy.
Thanks
14 years, 2 months
Do not find db2bak or ldif2db command
by Michael Kang
Dear Fedora Directory community,
After system upgrade is complete, I run yum install 389-ds to install fedora
directory server on Fedora 11.
I don't have db2bak or ldif2db command(or scripts). Did I miss some
packages?
Regards,
Michael
--
Michael Kang(康上明学)
There is a giant asleep within every man. When the giant awakens,miracles
happen.
Personal blog: http://ufusion.org - United Fusion
14 years, 2 months
Class of service removal
by Mikael Kermorgant
Hello,
I'm using 389 ds 1.2.0.
I've created a class of service on ou=people, which adds an attribute
with a specific attribute.
I've proceeded in 3 steps:
1 - created an object of objectclass nscontainer named cn=cosTemplates
at the root of my tree
2 - under that object, created an object of class cosTemplate and
extensibleobject - added the desired attribute with default value for
ou=people
3 - created a class of service with the wizard "New -> Class of
service" by right clicking on ou=people.
Strange thing is that the class of service applies, but I can't find
any object that corresponds to the class of service itself.
I tried to search with this filter (objectclass=cos*) but I don't get it.
Would you have any idea about how to find it in order to remove it, for example?
Best regards,
--
Mikael Kermorgant
14 years, 2 months
Using different bind user to add tasks
by Jonas Courteau
Hi:
I was wondering how to go about setting up an ACI to allow a different
user to add specific tasks. For example, say I created a special user
cn=backups,cn=config (or similar) and I wanted that user to be able to
add cn=backup,cn=tasks,cn=config entries to schedule backups, but not
allow them to do any other tasks.
The idea here is to have a specific user to trigger the backups remotely
without having to include the directory manager password in
scripts.
I've been poking around with various ACIs but so far I'm kinda feeling
around in the dark. I'm sure someone else has done something along
these lines - any suggestions? Also, if you think this idea is silly
and you wish to share your backup best practices, I'd love to hear!
Thanks!
Jonas
14 years, 2 months