Problem browsing LDAP with Outlook
by Chris Bryant
When configuring Microsoft Outlook (not Outlook Express) to access an LDAP directory, there is an option to 'Enable Browsing (requires server support)'. If this option is chosen and the directory server supports it, then you should be able to open the LDAP address book and page up and down through the results. I have been unable to get this working properly with 389 DS.
When I try to browse from Outlook against the 389 DS directory, I am able to see the first page of results perfectly. However, if I move to the next page, only the first object returned will have any attributes included, and all of the rest of the objects in the page will have no attributes. I have a test perl script that duplicates this functionality as well.
I can get this to work properly with an older version of Netscape Directory Server, and I can get it working with OpenDS. Since 389 DS advertises support for the controls that are required for this to work, just like the other two servers, then I would expect it to work there also.
Has anyone out there gotten this to work with 389 DS? If so, can you share if there was anything special that you needed to do to get this to work? I'm trying to determine if this is a bug in the server, or if I'm just missing something in the configuration.
Thanks,
Chris
USA.NET
3 years, 3 months
New Kickstart for 389-DS?
by Ajeet S Raina
*How to Write Kickstart for Menu Options?*
------------------------------
Guys,
I am attempting to write a kickstart file for Fedora Directory Server.
I am stuck at some menu options. Here is what I have written so far:
Code:
install
cdrom
lang en_US.UTF-8
keyboard us
network --device eth0 --bootproto dhcp
rootpw --iscrypted $1$cW6ftsMX$m8QzoZCIg1xvPT9cWYR3U0
firewall --disabled
authconfig --enableshadow --enablemd5
selinux --disabled
timezone Asia/Kolkata
bootloader --location=mbr --driveorder=sda
# The following is the partition information you requested
# Note that any partitions you deleted are not expressed
# here so unless you clear all partitions first, this is
# not guaranteed to work
#clearpart --linux
#part /boot --fstype ext3 --size=100
#part swap --size=512
#part / --fstype ext3 --size=100 --grow
%packages
@core
%post
yum install *ldap* -y
yum install 389* -y
yum install wget -y
rpm -ivh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch...
useradd fds
yum install openldap-clients -y
cat<<EOF>/usr/sbin/setup-ds-admin.pl
Now the Last line is attempt to select run time options.
Below is what I want to collect through this menu:
Code:
[root@localhost ~]# /usr/sbin/setup-ds-admin.pl
==============================================================================
This program will set up the 389 Directory and Administration Servers.
It is recommended that you have "root" privilege to set up the software.
Tips for using this program:
- Press "Enter" to choose the default and go to the next screen
- Type "Control-B" then "Enter" to go back to the previous screen
- Type "Control-C" to cancel the setup program
Would you like to continue with set up? [yes]: yes
==============================================================================
BY SETTING UP AND USING THIS SOFTWARE YOU ARE CONSENTING TO BE BOUND BY
AND ARE BECOMING A PARTY TO THE AGREEMENT FOUND IN THE
LICENSE.TXT FILE. IF YOU DO NOT AGREE TO ALL OF THE TERMS
OF THIS AGREEMENT, PLEASE DO NOT SET UP OR USE THIS SOFTWARE.
Do you agree to the license terms? [no]: *yes*
==============================================================================
Your system has been scanned for potential problems, missing patches,
etc. The following output is a report of the items found that need to
be addressed before running this software in a production
environment.
389 Directory Server system tuning analysis version 10-AUGUST-2007.
NOTICE : System is i686-unknown-linux2.6.18-164.el5 (1 processor).
ERROR : Only 249MB of physical memory is available on the system. 256MB is the
recommended minimum. 1024MB is recommended for best performance on
large production system.
NOTICE : The net.ipv4.tcp_keepalive_time is set to 7200000 milliseconds
(120 minutes). This may cause temporary server congestion from lost
client connections.
WARNING: There are only 1024 file descriptors (hard limit) available, which
limit the number of simultaneous connections.
WARNING: There are only 1024 file descriptors (soft limit) available, which
limit the number of simultaneous connections.
ERROR : The above errors MUST be corrected before proceeding.
Would you like to continue? [no]: *yes*
==============================================================================
Choose a setup type:
1. Express
Allows you to quickly set up the servers using the most
common options and pre-defined defaults. Useful for quick
evaluation of the products.
2. Typical
Allows you to specify common defaults and options.
3. Custom
Allows you to specify more advanced options. This is
recommended for experienced server administrators only.
To accept the default shown in brackets, press the Enter key.
Choose a setup type [2]:* 2*
==============================================================================
Enter the fully qualified domain name of the computer
on which you're setting up server software. Using the form
<hostname>.<domainname>
Example: eros.example.com.
To accept the default shown in brackets, press the Enter key.
Computer name [389-ds.sap.com]:
==============================================================================
The servers must run as a specific user in a specific group.
It is strongly recommended that this user should have no privileges
on the computer (i.e. a non-root user). The setup procedure
will give this user/group some permissions in specific paths/files
to perform server-specific operations.
If you have not yet created a user and group for the servers,
create this user and group using your native operating
system utilities.
System User [nobody]: *fds*
System Group [nobody]: *fds*
==============================================================================
Server information is stored in the configuration directory server.
This information is used by the console and administration server to
configure and manage your servers. If you have already set up a
configuration directory server, you should register any servers you
set up or create with the configuration server. To do so, the
following information about the configuration server is required: the
fully qualified host name of the form
<hostname>.<domainname>(e.g. hostname.example.com), the port number
(default 389), the suffix, the DN and password of a user having
permission to write the configuration information, usually the
configuration directory administrator, and if you are using security
(TLS/SSL). If you are using TLS/SSL, specify the TLS/SSL (LDAPS) port
number (default 636) instead of the regular LDAP port number, and
provide the CA certificate (in PEM/ASCII format).
If you do not yet have a configuration directory server, enter 'No' to
be prompted to set up one.
Do you want to register this software with an existing
configuration directory server? [no]: *no*
==============================================================================
Please enter the administrator ID for the configuration directory
server. This is the ID typically used to log in to the console. You
will also be prompted for the password.
Configuration directory server
administrator ID [admin]:
Password:
Password (confirm):
==============================================================================
The information stored in the configuration directory server can be
separated into different Administration Domains. If you are managing
multiple software releases at the same time, or managing information
about multiple domains, you may use the Administration Domain to keep
them separate.
If you are not using administrative domains, press Enter to select the
default. Otherwise, enter some descriptive, unique name for the
administration domain, such as the name of the organization
responsible for managing the domain.
Administration Domain [sap.com]: *immt.sap.com*
==============================================================================
The standard directory server network port number is 389. However, if
you are not logged as the superuser, or port 389 is in use, the
default value will be a random unused port number greater than 1024.
If you want to use port 389, make sure that you are logged in as the
superuser, that port 389 is not in use.
Directory server network port [389]:* 389*
==============================================================================
Each instance of a directory server requires a unique identifier.
This identifier is used to name the various
instance specific files and directories in the file system,
as well as for other uses as a server instance identifier.
Directory server identifier [389-ds]:
==============================================================================
The suffix is the root of your directory tree. The suffix must be a valid DN.
It is recommended that you use the dc=domaincomponent suffix convention.
For example, if your domain is example.com,
you should use dc=example,dc=com for your suffix.
Setup will create this initial suffix for you,
but you may have more than one suffix.
Use the directory server utilities to create additional suffixes.
Suffix [dc=sap, dc=com]: *dc=immt,dc=sap. ,dc=com*
==============================================================================
Certain directory server operations require an administrative user.
This user is referred to as the Directory Manager and typically has a
bind Distinguished Name (DN) of cn=Directory Manager.
You will also be prompted for the password for this user. The password must
be at least 8 characters long, and contain no spaces.
Press Control-B or type the word "back", then Enter to back up and start over.
Directory Manager DN [cn=Directory Manager]:
Password:
Password (confirm):
==============================================================================
The Administration Server is separate from any of your web or application
servers since it listens to a different port and access to it is
restricted.
Pick a port number between 1024 and 65535 to run your Administration
Server on. You should NOT use a port number which you plan to
run a web or application server on, rather, select a number which you
will remember and which will not be used for anything else.
Administration port [9830]:
==============================================================================
The interactive phase is complete. The script will now set up your
servers. Enter No or go Back if you want to change something.
Are you ready to set up your servers? [yes]: yes
Creating directory server . . .
Your new DS instance '389-ds' was successfully created.
Creating the configuration directory server . . .
Beginning Admin Server creation . . .
Creating Admin Server files and directories . . .
Updating adm.conf . . .
Updating admpw . . .
Registering admin server with the configuration directory server . . .
Updating adm.conf with information from configuration directory server . . .
Updating the configuration for the httpd engine . . .
Starting admin server . . .
The admin server was successfully started.
Admin server was successfully created, configured, and started.
Exiting . . .
Log file is '/tmp/setupsi7UPc.log'
Can anyone help with how to include this in the kickstart?
13 years, 10 months
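The answers given in the transcript above can be supplied without prompts through an answer file passed to setup-ds-admin.pl with --silent and --file. The sketch below is an added example, not part of the original post; the passwords are placeholders, the suffix dc=immt,dc=sap,dc=com is assumed to be the intended value, and the function names and the /root/ds-setup.inf path are hypothetical.

```sh
#!/bin/sh
# Added example: answer file for a non-interactive setup-ds-admin.pl run.
# Values mirror the transcript above; passwords are caller-supplied placeholders.

write_ds_inf() {
    # $1 = output path, $2 = admin password, $3 = Directory Manager password
    inf=$1; admin_pw=$2; dm_pw=$3
    # Setup requires the Directory Manager password to be >= 8 chars, no spaces.
    case $dm_pw in *" "*) echo "password contains a space" >&2; return 1 ;; esac
    [ "${#dm_pw}" -ge 8 ] || { echo "password too short" >&2; return 1; }
    rm -f "$inf"
    # Owner-only from creation: the file holds both passwords in clear text.
    ( umask 077
      cat > "$inf" <<EOF
[General]
FullMachineName = 389-ds.sap.com
SuiteSpotUserID = fds
SuiteSpotGroup = fds
AdminDomain = immt.sap.com
ConfigDirectoryAdminID = admin
ConfigDirectoryAdminPwd = $admin_pw
ConfigDirectoryLdapURL = ldap://389-ds.sap.com:389/o=NetscapeRoot

[slapd]
ServerPort = 389
ServerIdentifier = 389-ds
Suffix = dc=immt,dc=sap,dc=com
RootDN = cn=Directory Manager
RootDNPwd = $dm_pw

[admin]
Port = 9830
ServerAdminID = admin
ServerAdminPwd = $admin_pw
EOF
    )
}

run_silent_setup() {
    # $1 = answer file; delete it afterwards so the passwords do not linger.
    /usr/sbin/setup-ds-admin.pl --silent --file="$1" && rc=0 || rc=$?
    rm -f "$1"
    return "$rc"
}

# In the kickstart %post section (placeholder passwords):
#   write_ds_inf /root/ds-setup.inf 'ADMIN_PW_PLACEHOLDER' 'DM_PW_PLACEHOLDER' &&
#   run_silent_setup /root/ds-setup.inf
```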
Strange about MMR Setup?
by Ajeet S Raina
Hello Guys,
I have set up two machines for Master to Master Replication. The hostname of
the first machine is 389-supplier.sap.com and the other one is
389-consumer.sap.com. Things were going on fine till yesterday. Surprisingly,
when I opened the 389 Management Console of both servers (configured with a
self-signed certificate), I first explored through the Supplier. I clicked on
Directory Server and everything seemed fine. But when I opened
389-Consumer, I was surprised to see the name of the entire directory structure
changed to 389-supplier.sap.com.
Is it because of Replication?
13 years, 10 months
sort on createTimestamp via JNDI
by Derek Alexander
Hi,
Was trying to do a search against the directory, with results sorted on the createTimestamp
attribute using JNDI.
Got this back:
javax.naming.OperationNotSupportedException: [LDAP: error code 12 - Sort Response Control];
remaining name '...'
Any idea of the reason for this?
I was under the impression that server-side sorting was supported.
Cheers,
Derek
13 years, 10 months
I have a question about the 389 ds
by 馬小布
Hi all,
I am a newbie here and I have installed 389 DS in our company for
managing all user accounts and passwords.
Today, the boss asked me if the DS could set the users' VNC screen geometry
in the config file,
because the users' computer screens are not the same and have different
geometries.
If it could, then we would be happy, as that would solve the users' VNC problem.
I tried to search for it via Google, but have not found any useful
information about it yet.
I know we can use the DS to set the uid or home directory and so on;
can 389 DS do this? Or maybe by adding some attributes?
Could someone give me some suggestions about it?
Thanks in advance ~
13 years, 10 months
Issue with Multi-Master Replication
by Ajeet S Raina
I tried running mmr.pl script to setup Multi-master Replication and the
script went fine:
[root@389-supplier opt]# ./mmr.pl --host1 389-supplier.sap --host2
389-consumer.sap --host1_id 1 --host2_id 2 --bindpw '!nfra1sst' --repmanpw
'!nfra1sst' --create
adding to 389-supplier.sap -> cn=changelog5,cn=config
-> already exists
adding to 389-supplier.sap -> cn=repman,cn=config
adding to 389-supplier.sap -> cn=replica,cn="o=netscaperoot",cn=mapping
tree,cn=config
adding to 389-consumer.sap -> cn=changelog5,cn=config
-> already exists
adding to 389-consumer.sap -> cn=repman,cn=config
adding to 389-consumer.sap -> cn=replica,cn="o=netscaperoot",cn=mapping
tree,cn=config
adding to 389-supplier.sap -> plaintext replication 389-supplier.sap ->
389-consumer.sap
adding to 389-consumer.sap -> plaintext replication 389-consumer.sap ->
389-supplier.sap
initializing replication 389-supplier.sap -> 389-consumer.sap (port 389)
[root@389-supplier opt]#
To check if it worked fine, I checked the consumer logs
and found a few errors:
root@389-consumer ~]# tail -f /var/log/dirsrv/slapd-389-consumer/errors
[29/Jan/2010:03:04:54 +051800] NSMMReplicationPlugin - agmt="cn="Replication
to 389-supplier.sap"" (389-supplier:389): *Replica has a different
generation ID than the local data*.
[29/Jan/2010:03:04:55 +051800] NSMMReplicationPlugin -
multimaster_be_state_change: replica o=netscaperoot is going offline;
disabling replication
[29/Jan/2010:03:04:57 +051800] - WARNING: *Import is running with
nsslapd-db-private-import-mem on; No other process is allowed to access the
database*
[29/Jan/2010:03:04:59 +051800] - import NetscapeRoot: Workers finished;
cleaning up...
[29/Jan/2010:03:04:59 +051800] - import NetscapeRoot: Workers cleaned up.
[29/Jan/2010:03:04:59 +051800] - import NetscapeRoot: Indexing complete.
Post-processing...
[29/Jan/2010:03:04:59 +051800] - import NetscapeRoot: Flushing caches...
[29/Jan/2010:03:04:59 +051800] - import NetscapeRoot: Closing files...
[29/Jan/2010:03:05:00 +051800] - import NetscapeRoot: Import complete.
Processed 107 entries in 3 seconds. (35.67 entries/sec)
[29/Jan/2010:03:05:00 +051800] NSMMReplicationPlugin -
multimaster_be_state_change: replica o=netscaperoot is coming online;
enabling replication
----------------------------------------------------------------------
[root@389-consumer ~]#
I tried adding a user under ou=People and it didn't take effect on the
consumer machine.
13 years, 10 months
389 and MySQL replication
by John A. Sullivan III
Hello, all. We were very much hoping to use 389 (actually CentOS
Directory Server) as the GAL for our multi-tenant Zimbra installation.
However, it just doesn't seem to give us the flexibility we need. Users
really want to manipulate the data through their Zimbra mail interface.
However, we'd still like to get the data into the directory so other
applications can use it.
The Zimbra address books are stored in MySQL. We've heard of the
ability to get OpenLDAP to read a MySQL database to resolve queries (I
believe something like
http://www.clusterdb.com/mysql-cluster/accessing-the-same-data-through-ld... ). Is there any way to do this with 389? Thanks - John
13 years, 10 months
search on mail attribute no longer case insensitive
by Terry Soucy
Good morning Folks,
We upgraded from 389 DS 1.2.2 to 1.2.5 this AM and found that searches
on the mail attribute are no longer case insensitive. Has anyone else
found this?
Terry
--
Terry Soucy, Systems Analyst Integrated Technology Services
University of New Brunswick, Fredericton Campus http://www.unbf.ca/its
Voice: 506.447.3018 Fax: 506.453.3590 E-mail: terry.soucy(a)unb.ca
** ITS is a scent-reduced workplace - www.unbf.ca/its/policies **
13 years, 10 months
MMR Error?
by Ajeet S Raina
I am in verse to setup MMR on two centOS Machines.
I tried running:
./mmr.pl --host1 389-supplier.sap.com --host2 389-consumer.sap.com --host1_id 1 --host2_id 2 --bindpw password --repmanpw password --create
It is working, but when I checked at the consumer side, it is throwing an error:
Replica has a different generation ID than the local data.
13 years, 10 months