Cross Migration Problem From FDS 1.0.x to 386 Directory Server
by Brian Provenzano
I'm hoping someone can help me with this, but I am getting an error
attempting a cross migration from an old version of FDS (FDS 1.0.4) on
CentOS 4 32bit to current 389 Directory server (via yum repos) on centOS 5.4
64bit. I used the following in order to install 389 DS on my new CentOS
server 5.4 64bit :
http://directory.fedoraproject.org/wiki/Download#Enterprise_Linux_5
I've exported my databases to LDIF as directed in the documentation as well
and am performing the migration on the new server from a tarball of the
original install taken from the old server.
Anyway, when I run the migration script here is the output error I get. How
do I correct this (I'm no LDAP expert that is certain)?
-------------
# /usr/sbin/./migrate-ds-admin.pl --cross --oldsroot
/home/brian/LDAPmigration/fedora-ds --actualsroot /opt/fedora-ds
General.ConfigDirectoryAdminPwd='mypassword'
Beginning migration of Directory and Administration servers from
/home/brian/LDAPmigration/fedora-ds . . .
Beginning migration of directory server instances in
/home/brian/LDAPmigration/fedora-ds . . .
Your new DS instance 'slapd-ldap' was successfully created.
Could not import the LDIF file '/tmp/nsrootJMtOFK.ldif' for the migrated
database. Error: 256. Output: importing data ...
[10/Mar/2010:13:12:44 -0700] dse - The entry cn=schema in file
/etc/dirsrv/slapd-ldap/schema/60mozilla.ldif is invalid, error code 20 (Type
or value exists) - attribute type nsAIMid: Does not match the OID
"1.3.6.1.4.1.13769.2.4". Another attribute type is already using the name or
OID
[10/Mar/2010:13:12:44 -0700] dse - Please edit the file to correct the
reported problems and then restart the server.
Exiting . . .
Log file is '/tmp/migrateEjdYZw.log'
--------------
I'm not sure how to troubleshoot this. Any help would be great.
Thanks brian
13 years, 9 months
Re: [389-users] NB: can't login/connect to FDS
by Brad Fuller
Thanks for the reply. Yes. I checked the logs. (Mentioned in oreg msg) and
there was no mention of the client.
Afa sitting up he user - yes I set up a couple of users for posix access.
I think my problem is more fundamental. Yes, I do have port 389 open on both
machines.
Any app that I can run on the client to see if it sees the ldap server?
Brad Fuller
On Mar 9, 2010 1:58 PM, <patrick.morris(a)hp.com> wrote:
Hi Brad! On Tue, 09 Mar 2010, Brad Fuller wrote: > Thanks for the reply. See
below On Tue, Mar 9, ...
Authconfig also does stuff like configure PAM for you, etc, so you're
probably set there, but it's a bit more involved than just the canges
you mentioned.
My guess now is that it's almost certainly expecting users to contain
the posixAccount object class, which you may or may not have set on
them currently. You mentioned that you were able to "create people,"
but didn't say how, so whether those were set up appropriately to work
as Unix logins is hard for me to say.
As far as being able to tell if your client is hitting the server or
not, you should be able to look at the server's access logs.
-- 389 users mailing list 389-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/...
13 years, 9 months
modifying the server of the sync Agreement
by jean-Noël Chardron
hello,
In my company, the AD server that is sync with a 389 directory server
will be changed by a new one (because the actual AD is used and old and
not eternal)
In the documentation
http://www.redhat.com/docs/manuals/dir-server/8.1/admin/Windows_Sync.html
I don't find the possibility to edit the name of the AD in the Sync
agreement in the console of 389.
I suppose that I need to delete the previous sync agreement and create a
new sync agreement with the new AD server.
So I have question about this process :
1/ does the deleting sync agreement delete the data in the 389 directory
server?
2/ Do I need to create the new sync agreement before to delete the
previous or vice versa ?
thanks,
--
Jean-Noel Chardron
13 years, 9 months
Verify Indexes
by Edward "koko" Konetzko
Is there anyway to verify an index or tell the server to reindex with
out having to delete and readd the index?
Thanks
Edward
13 years, 9 months
Fedora-DS 1.1 showing NSMMReplicationPlugin msgs, becomes unresponsive and dies
by Wolf Siedler
Hi!
I am sorry for the vague subject but I don't know a better way to
describe my problem. I am still studying Fedora/389 Directory Server.
I am running a Fedora-DS (1.1) master on CentOS 5.4 which replicates to
several consumers (no master-master replication).
Today, the master suddenly stopped working. I can restart it, but it
never starts listeing on ports 389/636.
"service dirsrv status" claims after several minutes that the service is
dead.
When attempting a start by
/usr/lib/dirsrv/slapd-admin01/start-slapd -d 1
I get after a few seconds a seemingly endless loop of this message:
NSMMReplicationPlugin - agmt="cn=nagios" (rtbkk:389): Consumer failed to
replay change (uniqueid (null), CSN (null)): Bad parameter to an ldap
routine. Will retry later.
Usage of terms nagios and rtbkk point me indeed to one of our
replication agreements.
Can somebody explain what that means?
Is it possible that a replication agreement fails and then the server
attempts/repeats over and over until all resources are exhausted?
Can anybody advise how I could overcome this?
Needless to say, I would appreciate any advice/pointers (such incidents
always seem to happen at the wrong time).
Regards,
Wolf
13 years, 9 months
Busy replica when deleting replication conflict
by Juan Asensio Sánchez
Hi all
I have posted this on the chat, but i am not sure if it is wirking fine in
my computer. I am using 389ds 1.2.5, and i have found some replication
conflicts (nsds5replicaconflict=*). I have deleted them manually, and now
the databases in the other servers are busy all the time, no matter if i
restart the service in the source or target servers (i must kill the target
servers as they never stop), when the replication agreement is launched
again from the source server, the replica is busy all the time. the last
operation in the access log of the replicated servers is the deletion of the
object in conflict, which never gets a result.
any idea?
As other times, thanks in advance for your help.
13 years, 9 months
yum install 389 DS failed
by Mike Li
I am following the installation guide to do a new install of 389 DS on
fedora 9, and here is the link:
http://directory.fedoraproject.org/wiki/Install_Guide.
But got a bunch of error of missing dependencies (see below).
What should I do to solve these errors?
I don't see anything in the installation guide talking about this kind of
errors.
yum install 389-ds
... ...
Error: Missing Dependency: libicui18n.so.36 is needed by package
389-adminutil-1.1.8-4.el5.i386 (epel)
Error: Missing Dependency: libicudata.so.36 is needed by package
389-dsgw-1.1.4-1.el5.i386 (epel)
Error: Missing Dependency: libicui18n.so.36 is needed by package
389-admin-1.1.10-1.el5.i386 (epel)
Error: Missing Dependency: libicuuc.so.36 is needed by package
389-dsgw-1.1.4-1.el5.i386 (epel)
Error: Missing Dependency: libicuuc.so.36 is needed by package
389-ds-base-1.2.5-1.el5.i386 (epel)
Error: Missing Dependency: libicui18n.so.36 is needed by package
389-dsgw-1.1.4-1.el5.i386 (epel)
Error: Missing Dependency: libnetsnmp.so.10 is needed by package
389-ds-base-1.2.5-1.el5.i386 (epel)
Error: Missing Dependency: libnetsnmphelpers.so.10 is needed by package
389-ds-base-1.2.5-1.el5.i386 (epel)
Error: Missing Dependency: libnetsnmpagent.so.10 is needed by package
389-ds-base-1.2.5-1.el5.i386 (epel)
Error: Missing Dependency: libicudata.so.36 is needed by package
389-ds-base-1.2.5-1.el5.i386 (epel)
Error: Missing Dependency: perl(:MODULE_COMPAT_5.8.8) is needed by package
389-ds-base-1.2.5-1.el5.i386 (epel)
Error: Missing Dependency: libnetsnmpmibs.so.10 is needed by package
389-ds-base-1.2.5-1.el5.i386 (epel)
Error: Missing Dependency: libicudata.so.36 is needed by package
389-admin-1.1.10-1.el5.i386 (epel)
Error: Missing Dependency: libicudata.so.36 is needed by package
389-adminutil-1.1.8-4.el5.i386 (epel)
Error: Missing Dependency: libicuuc.so.36 is needed by package
389-adminutil-1.1.8-4.el5.i386 (epel)
Error: Missing Dependency: libicui18n.so.36 is needed by package
389-ds-base-1.2.5-1.el5.i386 (epel)
Error: Missing Dependency: libsensors.so.3 is needed by package
389-ds-base-1.2.5-1.el5.i386 (epel)
Error: Missing Dependency: libicuuc.so.36 is needed by package
389-admin-1.1.10-1.el5.i386 (epel)
Error: Missing Dependency: libcrypto.so.6 is needed by package
389-ds-base-1.2.5-1.el5.i386 (epel)
[root@hpc01 ~]#
13 years, 9 months
StartTLS issue
by Maurizio Marini
Generally I use CentOS and centos-ds to setup a samba-pdc; now i decided to
installa a fresh fedora 12 as pc clients are xp and windows7, so i need a
recent samba ( >= 3.3) to join pc client with windows7.
I use as always this guide:
http://directory.fedoraproject.org/wiki/Howto:Samba
I haven't installed any certs, until now, as it was not necessary in my
previous samba-pdc installations
at the point to get SID, i get startTLS errors:
fedora12 11:56:21 root@fedora-ds: ~ # net getdomainsid
[2010/03/06 11:56:30, 0] lib/smbldap.c:656(smb_ldap_start_tls)
Failed to issue the StartTLS instruction: Protocol error
[2010/03/06 11:56:31, 0] lib/smbldap.c:656(smb_ldap_start_tls)
Failed to issue the StartTLS instruction: Protocol error
[2010/03/06 11:56:32, 0] lib/smbldap.c:656(smb_ldap_start_tls)
Failed to issue the StartTLS instruction: Protocol error
[2010/03/06 11:56:33, 0] lib/smbldap_util.c:310(smbldap_search_domain_info)
smbldap_search_domain_info: Adding domain info for DOMAIN failed with
NT_STATUS_UNSUCCESSFUL
SID for local machine FEDORA-DS is: S-1-5-21-2903629014-3468404519-2055364827
SID for domain DOMAIN is: S-1-5-21-2903629014-3468404519-2055364827
*My question is*:
should i install tls using something like here:
http://wiki.neddix.com/How_to_setup_the_CentOS_Directory_Server_%28389_Di...
Where can i get
ds-ssl-setup
suitable for fedora12?
Could ds-ssl-setup solve my issue?
tia
======================================
Samba version is:
fedora12 11:56:33 root@fedora-ds: ~ # rpm -qa | grep samba
samba-doc-3.4.5-55.fc12.i686
samba-swat-3.4.5-55.fc12.i686
samba-3.4.5-55.fc12.i686
samba4-4.0.0-18.1alpha8_git20090916.fc12.i686
samba-common-3.4.5-55.fc12.i686
samba-winbind-devel-3.4.5-55.fc12.i686
samba4-pidl-4.0.0-18.1alpha8_git20090916.fc12.i686
samba-winbind-clients-3.4.5-55.fc12.i686
samba-client-3.4.5-55.fc12.i686
samba-winbind-3.4.5-55.fc12.i686
samba4-devel-4.0.0-18.1alpha8_git20090916.fc12.i686
samba4-libs-4.0.0-18.1alpha8_git20090916.fc12.i686
samba-domainjoin-gui-3.4.5-55.fc12.i686
======================================
389 version is:
fedora12 12:05:34 root@fedora-ds: ~ # rpm -qa | grep 389
389-ds-1.1.3-5.fc12.noarch
389-ds-console-doc-1.2.0-5.fc12.noarch
389-ds-base-1.2.5-1.fc12.i686
389-ds-console-1.2.0-5.fc12.noarch
389-console-1.1.3-5.fc12.noarch
389-admin-console-1.1.4-2.fc12.noarch
389-dsgw-1.1.4-1.fc12.i686
389-admin-console-doc-1.1.4-2.fc12.noarch
389-adminutil-1.1.8-4.fc12.i686
389-admin-1.1.10-1.fc12.i686
--
Maurizio Marini
13 years, 9 months
Advantage to synching with AD?
by Dumbo Q
I'm linux guy, and if it were up to me windows would not be in my
server environment. However I am in a mixed environment where All windows servers use AD for authentication, and linux servers have no authentication setup.
My
first thought is to use rhds or 389 to sync with AD. After stewing on
this for a little bit, I wonder is there any benefit that I will be
gaining by doing this.
Does anyone have experience and can
say why I should do this rather then just authenticate to AD? Again
I'd prefer linux, but I prefer not over-complicating core
infrastructure more.
13 years, 9 months
