389-users January 2010

389-users@lists.fedoraproject.org

57 participants
104 discussions

Problem browsing LDAP with Outlook
by Chris Bryant 26 Aug '20

26 Aug '20

When configuring Microsoft Outlook (not Outlook Express) to access an LDAP directory, there is an option to 'Enable Browsing (requires server support)'. If this option is chosen and the directory server supports it, then you should be able to open the LDAP address book and page up and down through the results. I have been unable to get this working properly with 389 DS. When I try to browse from Outlook against the 389 DS directory, I am able to see the first page of results perfectly. However, if I move to the next page, only the first object returned will have any attributes included, and all of the rest of the objects in the page will have no attributes. I have a test perl script that duplicates this functionality as well. I can get this to work properly with an older version of Netscape Directory Server, and I can get it working with OpenDS. Since 389 DS advertises support for the controls that are required for this to work, just like the other two servers, then I would expect it to work there also. Has anyone out there gotten this to work with 389 DS? If so, can you share if there was anything special that you needed to do to get this to work? I'm trying to determine if this is a bug in the server, or if I'm just missing something in the configuration. Thanks, Chris USA.NET You Run Your Business. We'll Run Your Email. This message is for the sole use of the intended recipient(s) and may contain confidential and/or privileged information of USA.NET, Inc. Any unauthorized review, use, copying, disclosure, or distribution is prohibited. If you are not the intended recipient, please immediately contact the sender by reply email and delete all copies of the original message.

3 2

New Kickstart for 389-DS?
by Ajeet S Raina 30 Jan '10

30 Jan '10

*How to Write Kickstart for Menu Options?* ------------------------------ Guys, I am attempting to write a kickstart file for Fedora Directory Server. I am stuck at some menu options. here is what I have written so far: Code: install cdrom lang en_US.UTF-8 keyboard us network --device eth0 --bootproto dhcp rootpw --iscrypted $1$cW6ftsMX$m8QzoZCIg1xvPT9cWYR3U0 firewall --disabled authconfig --enableshadow --enablemd5 selinux --disabled timezone Asia/Kolkata bootloader --location=mbr --driveorder=sda # The following is the partition information you requested # Note that any partitions you deleted are not expressed # here so unless you clear all partitions first, this is # not guaranteed to work #clearpart --linux #part /boot --fstype ext3 --size=100 #part swap --size=512 #part / --fstype ext3 --size=100 --grow %packages @core %post yum install *ldap* -y yum install 389* -y yum install wget -y rpm -ivh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.r… useradd fds yum install openldap-clients -y cat<<EOF>/usr/sbin/setup-ds-admin.pl Now the Last line is attempt to select run time options. Below is what I want to collect through this menu: Code: [root@localhost ~]# /usr/sbin/setup-ds-admin.pl ============================================================================== This program will set up the 389 Directory and Administration Servers. It is recommended that you have "root" privilege to set up the software. Tips for using this program: - Press "Enter" to choose the default and go to the next screen - Type "Control-B" then "Enter" to go back to the previous screen - Type "Control-C" to cancel the setup program Would you like to continue with set up? [yes]: yes ============================================================================== BY SETTING UP AND USING THIS SOFTWARE YOU ARE CONSENTING TO BE BOUND BY AND ARE BECOMING A PARTY TO THE AGREEMENT FOUND IN THE LICENSE.TXT FILE. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, PLEASE DO NOT SET UP OR USE THIS SOFTWARE. Do you agree to the license terms? [no]: *yes* ============================================================================== Your system has been scanned for potential problems, missing patches, etc. The following output is a report of the items found that need to be addressed before running this software in a production environment. 389 Directory Server system tuning analysis version 10-AUGUST-2007. NOTICE : System is i686-unknown-linux2.6.18-164.el5 (1 processor). ERROR : Only 249MB of physical memory is available on the system. 256MB is the recommended minimum. 1024MB is recommended for best performance on large production system. NOTICE : The net.ipv4.tcp_keepalive_time is set to 7200000 milliseconds (120 minutes). This may cause temporary server congestion from lost client connections. WARNING: There are only 1024 file descriptors (hard limit) available, which limit the number of simultaneous connections. WARNING: There are only 1024 file descriptors (soft limit) available, which limit the number of simultaneous connections. ERROR : The above errors MUST be corrected before proceeding. Would you like to continue? [no]: *yes* ============================================================================== Choose a setup type: 1. Express Allows you to quickly set up the servers using the most common options and pre-defined defaults. Useful for quick evaluation of the products. 2. Typical Allows you to specify common defaults and options. 3. Custom Allows you to specify more advanced options. This is recommended for experienced server administrators only. To accept the default shown in brackets, press the Enter key. Choose a setup type [2]:* 2* ============================================================================== Enter the fully qualified domain name of the computer on which you're setting up server software. Using the form <hostname>.<domainname> Example: eros.example.com. To accept the default shown in brackets, press the Enter key. Computer name [389-ds.sap.com] ============================================================================== The servers must run as a specific user in a specific group. It is strongly recommended that this user should have no privileges on the computer (i.e. a non-root user). The setup procedure will give this user/group some permissions in specific paths/files to perform server-specific operations. If you have not yet created a user and group for the servers, create this user and group using your native operating system utilities. System User [nobody]: *fds* System Group [nobody]: *fds* ============================================================================== Server information is stored in the configuration directory server. This information is used by the console and administration server to configure and manage your servers. If you have already set up a configuration directory server, you should register any servers you set up or create with the configuration server. To do so, the following information about the configuration server is required: the fully qualified host name of the form <hostname>.<domainname>(e.g. hostname.example.com) the port number (default 389), the suffix, the DN and password of a user having permission to write the configuration information, usually the configuration directory administrator, and if you are using security (TLS/SSL). If you are using TLS/SSL, specify the TLS/SSL (LDAPS) port number (default 636) instead of the regular LDAP port number, and provide the CA certificate (in PEM/ASCII format). If you do not yet have a configuration directory server, enter 'No' to be prompted to set up one. Do you want to register this software with an existing configuration directory server? [no]: *no* ============================================================================== Please enter the administrator ID for the configuration directory server. This is the ID typically used to log in to the console. You will also be prompted for the password. Configuration directory server administrator ID [admin]: Password: Password (confirm): ============================================================================== The information stored in the configuration directory server can be separated into different Administration Domains. If you are managing multiple software releases at the same time, or managing information about multiple domains, you may use the Administration Domain to keep them separate. If you are not using administrative domains, press Enter to select the default. Otherwise, enter some descriptive, unique name for the administration domain, such as the name of the organization responsible for managing the domain. Administration Domain [sap.com] *immt.sap.com* ============================================================================== The standard directory server network port number is 389. However, if you are not logged as the superuser, or port 389 is in use, the default value will be a random unused port number greater than 1024. If you want to use port 389, make sure that you are logged in as the superuser, that port 389 is not in use. Directory server network port [389]:* 389* ============================================================================== Each instance of a directory server requires a unique identifier. This identifier is used to name the various instance specific files and directories in the file system, as well as for other uses as a server instance identifier. Directory server identifier [389-ds]: ============================================================================== The suffix is the root of your directory tree. The suffix must be a valid DN. It is recommended that you use the dc=domaincomponent suffix convention. For example, if your domain is example.com, you should use dc=example,dc=com for your suffix. Setup will create this initial suffix for you, but you may have more than one suffix. Use the directory server utilities to create additional suffixes. Suffix [dc=sap, dc=com]: *dc=immt,dc=sap. ,dc=com* ============================================================================== Certain directory server operations require an administrative user. This user is referred to as the Directory Manager and typically has a bind Distinguished Name (DN) of cn=Directory Manager. You will also be prompted for the password for this user. The password must be at least 8 characters long, and contain no spaces. Press Control-B or type the word "back", then Enter to back up and start over. Directory Manager DN [cn=Directory Manager]: Password: Password (confirm): ============================================================================== The Administration Server is separate from any of your web or application servers since it listens to a different port and access to it is restricted. Pick a port number between 1024 and 65535 to run your Administration Server on. You should NOT use a port number which you plan to run a web or application server on, rather, select a number which you will remember and which will not be used for anything else. Administration port [9830]: ============================================================================== The interactive phase is complete. The script will now set up your servers. Enter No or go Back if you want to change something. Are you ready to set up your servers? [yes]: yes Creating directory server . . . Your new DS instance '389-ds' was successfully created. Creating the configuration directory server . . . Beginning Admin Server creation . . . Creating Admin Server files and directories . . . Updating adm.conf . . . Updating admpw . . . Registering admin server with the configuration directory server . . . Updating adm.conf with information from configuration directory server . . . Updating the configuration for the httpd engine . . . Starting admin server . . . The admin server was successfully started. Admin server was successfully created, configured, and started. Exiting . . . Log file is '/tmp/setupsi7UPc.log' Anyone who can help how to include these stuffs in the kickstart.

3 4

Strange about MMR Setup?
by Ajeet S Raina 30 Jan '10

30 Jan '10

Hello Guys, I have setup two Machines for Master to Master Replication.The Hostname of first Machine is 389-supplier.sap.com and the other one 389-consumer.sap.com.Things were going on fine till yesterday. Surprisingly, when I opened 389-Management Console of both the Server (configured with Self Signed Certificate) I first explored through Supplier. I clicked on Directory Server and could see everything seems fine.But when I opened 389-Consumer, I was surprised to see the name of entire directory Structure changed to 389-supplier.sap.com. Is it because of Replication?

2 4

sort on createTimestamp via JNDI
by Derek Alexander 29 Jan '10

29 Jan '10

Hi, Was trying to do a search against the directory, with results sorted on the createTimestamp attribute using JNDI. Got this back: javax.naming.OperationNotSupportedException: [LDAP: error code 12 - Sort Response Control]; remaining name '...' Any idea of the reason for this? I was under the impression that server-side sorting was supported. Cheers, Derek Please access the attached hyperlink for an important electronic communications disclaimer: http://www.lse.ac.uk/collections/planningAndCorporatePolicy/legalandComplia…

2 1

I have a question about the 389 ds
by 馬小布 29 Jan '10

29 Jan '10

Hi ,all : I am a newbie to here and I also install the 389 ds in our company for managering all users account and passwd . Today , The boss asked me if the ds could set the users vnc screen geometry in the config file . Because the user's computer screen is not the same and have different geometries. If it could , then we were happy that can solve the user's vnc problem . Then , I try to search it via Googling , but have not search the useful information about it yet . I know we can use the ds to set the uid or home directory and so on , can the 389 ds do it ?Or maybe add some atrributes ? Could someone give me some suggestions about it ? Thanks in advance ~

1 0

Issue with Multi-Master Replication
by Ajeet S Raina 28 Jan '10

28 Jan '10

I tried running mmr.pl script to setup Multi-master Replication and the script went fine: [root@389-supplier opt]# ./mmr.pl --host1 389-supplier.sap --host2 389-consumer.sap --host1_id 1 --host2_id 2 --bindpw '!nfra1sst' --repmanpw '!nfra1sst' --create adding to 389-supplier.sap -> cn=changelog5,cn=config -> already exists adding to 389-supplier.sap -> cn=repman,cn=config adding to 389-supplier.sap -> cn=replica,cn="o=netscaperoot",cn=mapping tree,cn=config adding to 389-consumer.sap -> cn=changelog5,cn=config -> already exists adding to 389-consumer.sap -> cn=repman,cn=config adding to 389-consumer.sap -> cn=replica,cn="o=netscaperoot",cn=mapping tree,cn=config adding to 389-supplier.sap -> plaintext replication 389-supplier.sap -> 389-consumer.sap adding to 389-consumer.sap -> plaintext replication 389-consumer.sap -> 389-supplier.sap initializing replication 389-supplier.sap -> 389-consumer.sap (port 389) [root@389-supplier opt]# To check if it worked fine. I checked the consumer logs: and found few errors: root@389-consumer ~]# tail -f /var/log/dirsrv/slapd-389-consumer/errors [29/Jan/2010:03:04:54 +051800] NSMMReplicationPlugin - agmt="cn="Replication to 389-supplier.sap"" (389-supplier:389): *Replica has a different generation ID than the local data*. [29/Jan/2010:03:04:55 +051800] NSMMReplicationPlugin - multimaster_be_state_change: replica o=netscaperoot is going offline; disabling replication [29/Jan/2010:03:04:57 +051800] - WARNING: *Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database* [29/Jan/2010:03:04:59 +051800] - import NetscapeRoot: Workers finished; cleaning up... [29/Jan/2010:03:04:59 +051800] - import NetscapeRoot: Workers cleaned up. [29/Jan/2010:03:04:59 +051800] - import NetscapeRoot: Indexing complete. Post-processing... [29/Jan/2010:03:04:59 +051800] - import NetscapeRoot: Flushing caches... [29/Jan/2010:03:04:59 +051800] - import NetscapeRoot: Closing files... [29/Jan/2010:03:05:00 +051800] - import NetscapeRoot: Import complete. Processed 107 entries in 3 seconds. (35.67 entries/sec) [29/Jan/2010:03:05:00 +051800] NSMMReplicationPlugin - multimaster_be_state_change: replica o=netscaperoot is coming online; enabling replication ---------------------------------------------------------------------- [root@389-consumer ~]# I tried adding a User under ou=People and it dint take effect on the consumer machine.

1 0

Multi-Master Replication..
by Ajeet S Raina 28 Jan '10

28 Jan '10

I have been following the link: http://directory.fedoraproject.org/wiki/Howto:MultiMasterReplication to setup Multi-Master Replication. Are those enough steps? Dont we need to enable changelog manually through Console. Also, Don't we need to Select Directory > Replication > Enable Replica > Supplied DN? Does mmr.pl script does it all?

3 3

389 and MySQL replication
by John A. Sullivan III 28 Jan '10

28 Jan '10

Hello, all. We were very much hoping to use 389 (actually CentOS Directory Server) as the GAL for our multi-tenant Zimbra installation. However, it just doesn't seem to give us the flexibility we need. Users really want to manipulate the data through their Zimbra mail interface. However, we'd still like to get the data into the directory so other applications can use it. The Zimbra address books are stored in MySQL. We've heard of the ability to get OpenLDAP to read a MySQL database to resolve queries (I believe something like http://www.clusterdb.com/mysql-cluster/accessing-the-same-data-through-ldap… ). Is there any way to do this with 389? Thanks - John

1 0

search on mail attribute no longer case insensative
by Terry Soucy 28 Jan '10

28 Jan '10

Good morning Folks, We upgraded from 389 DS 1.2.2 to 1.2.5 this AM and found that searches on the mail attribute are no longer case insensative. Has anyone else found this? Terry -- Terry Soucy, Systems Analyst Integrated Technology Services University of New Brunswick, Fredericton Campus http://www.unbf.ca/its Voice: 506.447.3018 Fax: 506.453.3590 E-mail: terry.soucy(a)unb.ca ** ITS is a scent-reduced workplace - www.unbf.ca/its/policies **

4 6

MMR Error?
by Ajeet S Raina 28 Jan '10

28 Jan '10

I am in verse to setup MMR on two centOS Machines. I tried running: ./mmr.pl --host1 389-supplier.sap.com --host2 389-consumer.sap.com--host1_id 1 --host2_id 2 --bindpw password --repmanpw password --create It is working but when I checked at consumer side, is throwing error: Replica has a different generation ID than the local data.

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

389-users January 2010