When I run this I don't get any usable output (empty template shows up). But
when I don't specify dates, it just works.
$ logconv.pl -S "[04/Apr/2010:15:00:00 -0400]" -E "[04/May/2010:15:00:00
-0400]" -V /var/log/dirsrv/slapd-poe111/access*
Access Log Analyzer 6.0
Command : logconv.pl -S [04/Apr/2010:15:00:00 -0400] -E
[04/May/2010:15:00:00 -0400] -V /var/log/dirsrv/slapd-poe111/access
The help menu has this syntax. Not sure what I am doing wrong.
./logconv.pl -S "[28/Mar/2002:13:14:22 -0800]" -E "[28/Mar/2002:13:50:05
-0800]" -e access
Any help is very much appreciated.
We have been experiencing some ldap timeout errors in a multi-master setup.
My setup looks close to this one but there is _NO_ M32 and M41, i.e. consumers
don't replicate to masters
* 2 Supplier servers with multi-master setup between the two.
* 2 consumer servers with multi-master setup between the two.
* Each supplier server has replication setup to each of the two consumer
* M1 & M2 authenticate users via PAM-PTA plugin to Active Directory.
* M3 & M4 use PTA plugin via SSL to authenticate via M1 & M2 in a redundant
BIGGEST ISSUE: Clients connecting to M3 and M4 are having "pam_ldap:
ldap_result Timed out" error. Any ideas, how we can improve/fix this?
Q1. Should I increase my nsslapd-maxbersize?
Q2. How do I restrict the ldap clients to bind only using LDAP v3? (I
remember reading it somewhere)
LDAP v2 Binds: 1006
LDAP v3 Binds: 9324
Q3. I use "uniquemember" as group membership attribute, but logs show
filters like this. As far as I know, we don't have any hard coded filters on
any hosts. How to remove filter like this.
I ran logconv.pl on M2 and here is what I found
B1 75045 Bad Ber Tag Encountered
U1 13456 Cleanly Closed Connections
T2 160 IO Block Timeout Exceeded or NTSSL Timeout
T1 22 Idle Timeout Exceeded
69409 10.1.1.2 [ M1 ]
37611 - B1 Bad Ber Tag Encountered
3968 - U1 Cleanly Closed Connections
160 - T2 IO Block Timeout Exceeded or NTSSL Timeout
55326 10.1.1.3 [ M2 ]
27886 - B1 Bad Ber Tag Encountered
7 - U1 Cleanly Closed Connections
18096 10.1.0.7 [old ldap server which was using pen-ldap to pass
connection during migration ]
9531 - B1 Bad Ber Tag Encountered
8564 - U1 Cleanly Closed Connections
26 10.101.1.16 [ M3 ]
20 - T1 Idle Timeout Exceeded
1 - B1 Bad Ber Tag Encountered
* Unknown Host
16 - B1 Bad Ber Tag Encountered
13 - U1 Cleanly Closed Connections
2 - T1 Idle Timeout Exceeded
1. You have unindexed searches, this can be caused from a search on an
unindexed attribute, or your returned results exceeded the allidsthreshold.
Unindexed searches are not recommended. To refuse unindexed searches, switch
'nsslapd-require-index' to 'on' under your database entry (e.g.
2. You have some connections that are are being closed by the idletimeout
setting. You may want to increase the idletimeout if it is set low.
3. You have some coonections that are being closed by the ioblocktimeout
setting. You may want to increase the ioblocktimeout.
4. You have a significant difference between binds and unbinds. You may
want to investigate this difference.
5. You have more abnormal connection codes than cleanly closed
connections. You may want to investigate this difference.
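The per-client breakdown in the post above can be cross-checked directly against the access log. The following Python is an added example, not part of the original post and not logconv.pl's own code; the sample log lines are constructed and the function name `summarize` is hypothetical. It tallies connection closure codes and LDAPv2 binds per client IP, which shows which clients are behind the B1 counts and the v2 binds.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the 389 DS access-log format (not the poster's logs).
SAMPLE_LOG = """\
[04/May/2010:15:00:01 -0400] conn=11 fd=64 slot=64 connection from 10.1.1.2 to 10.1.1.3
[04/May/2010:15:00:01 -0400] conn=11 op=-1 fd=64 closed - B1
[04/May/2010:15:00:02 -0400] conn=12 fd=65 slot=65 connection from 10.1.0.7 to 10.1.1.3
[04/May/2010:15:00:02 -0400] conn=12 op=0 BIND dn="uid=app,dc=example,dc=com" method=128 version=2
[04/May/2010:15:00:02 -0400] conn=12 op=0 RESULT err=0 tag=97 nentries=0 etime=0
[04/May/2010:15:00:03 -0400] conn=12 op=1 UNBIND
[04/May/2010:15:00:03 -0400] conn=12 op=1 fd=65 closed - U1
[04/May/2010:15:00:04 -0400] conn=13 fd=66 slot=66 connection from 10.1.1.2 to 10.1.1.3
[04/May/2010:15:00:05 -0400] conn=13 op=0 BIND dn="uid=joe,dc=example,dc=com" method=128 version=3
[04/May/2010:15:10:05 -0400] conn=13 op=-1 fd=66 closed - T1
"""

# "connection from <client> to <server>" opens a connection and gives the client IP.
CONNECT = re.compile(r"conn=(\d+) fd=\d+ slot=\d+ (?:SSL )?connection from (\S+) to ")
# "closed - B1" or "closed error 32 (Broken pipe) - B1": the code is the last token.
CLOSED = re.compile(r"conn=(\d+) op=-?\d+ fd=\d+ closed .*- ([A-Z]\d)\s*$")
# BIND lines carry the protocol version the client asked for.
BIND = re.compile(r"conn=(\d+) op=\d+ BIND .*version=(\d)")


def summarize(lines):
    """Return (closure codes per client IP, LDAPv2 bind count per client IP)."""
    ip_of = {}                    # conn id -> client IP; overwritten if ids restart
    codes = defaultdict(Counter)  # IP -> closure code -> count
    v2_binds = Counter()          # IP -> number of LDAPv2 binds
    for line in lines:
        if m := CONNECT.search(line):
            ip_of[m.group(1)] = m.group(2)
        elif m := BIND.search(line):
            if m.group(2) == "2":
                v2_binds[ip_of.get(m.group(1), "unknown")] += 1
        elif m := CLOSED.search(line):
            # The connection is finished, so drop its id from the map.
            codes[ip_of.pop(m.group(1), "unknown")][m.group(2)] += 1
    return codes, v2_binds


if __name__ == "__main__":
    codes, v2 = summarize(SAMPLE_LOG.splitlines())
    for ip, counter in sorted(codes.items()):
        print(ip, dict(counter), "v2 binds:", v2.get(ip, 0))
```

Connection ids start over when the server restarts, so feed the function one log file at a time, in chronological order.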
Hi folks...I've created a group, named it guitar. I execute getent
group guitar, and nothing returns.
I added a user, and added the user to this group. I execute getent
passwd username, and the uid and gid I set shows, not the group name I
added the user to.
id user shows
uid=1200(graz) gid=1200 groups=1200
Why doesn't the group I'd added the user to show?
aRDy Music and Rick Dicaire present:
I have Windows Active Directory to 389 Directory Server synchronization working. I can create an account in AD and it gets synced to the 389 LDAP server and the password is synced also. This only works for "User" accounts in Active Directory though.
Is there a way that I can sync my Active Directory "machine trust" accounts from AD to the 389 directory server? A machine trust account is just a user account that is a computer from what I can tell. I'm looking to get the computer username and password that is set in Active Directory into the 389 server so I can do machine based RADIUS authentication directly against the 389 LDAP server rather than directly through Active Directory.
Is it possible to sync the computer accounts from AD->389? Any ideas?
Gregory A. Fuller - CCNA
State University of New York at Oswego
Phone: (315) 312-5750
Hi folks new to the list.
Fedora 12 i386
Name : 389-ds
Arch : noarch
Version : 1.1.3
Release : 5.fc12
Upon running setup-ds-admin.pl -ddd, it errors out at the end:
Your new DS instance 'ws' was successfully created.
Creating the configuration directory server . . .
Error: failed to open an LDAP connection to host 'ws.int.kritek.net'
port '389' as user 'cn=Directory Manager'. Error: unknown.
Failed to create the configuration directory server
Exiting . . .
Log file is '/tmp/setupSjpStD.log'
The log file shows no indication of why this fails.
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ns-slapd 30155 nobody 6u IPv6 5218169 0t0 TCP *:ldap (LISTEN)
telnet ws 389
telnet: connect to address 192.168.1.2: Connection refused
I don't understand why this instance of DS, started by
setup-ds-admin.pl, is listening ONLY on an ipv6 socket either.
In any case, how can I get setup-ds-admin.pl to complete its configuration?
aRDy Music and Rick Dicaire present:
I have many fds+samba as pdc installations.
All my customers ask me how to manage domain accounts using an easy tool,
instead of sshing into fds and using smbldap tools.
What are u using?
Is LAM able to add and modify ldap+samba accounts without pains?
On 03. 05. 2010 14:00, 389-users-request(a)lists.fedoraproject.org wrote:
> Date: Mon, 3 May 2010 11:00:16 +0200
> Subject: [389-users] web account manager
> To: "General discussion list for the 389 Directory server project."
> Content-Type: text/plain; charset="us-ascii"
> I have many fds+samba as pdc installations.
> All my customers ask me how to manage domain accounts using an easy tool,
> instead of sshing into fds and using smbldap tools.
> What are u using?
> Is LAM able to add and modify ldap+samba accounts without pains?
We use LDAPAdmin (runs on Windows) for this.
http://ldapadmin.sourceforge.net/, look for some templates which can
ease your management.