December 2012 - 389-users - Fedora Mailing-Lists

by Chaudhari, Rohit K.

Hello everyone, How do I set up a 389 LDAP client to authenticate users against a 389 LDAP server? I don't have a trusted certificate authority (CA) but will create self-signed CA that signs server certificates, and then put that self-signed CA as the trusted CA on the client side. Is there anything more specific or a guide on how to set this up out there? Thanks in advance. Rohit

7 years, 6 months

4
23
0 / 0

Swap Master Hardware.

by Shardul Kerkar

Hi Folks, I have recently been tasked with moving a Single Ldap Master from a dying machine to a spanking new blade. After doing some research it appears to me that the optimum way to do this will be installing a fresh instance of the application on the new server, import the database and then recreate and reinitialize all the hubs and replicas. The problem I face is that this work place has a humongous LDAP database will 3 mil+ entries. Re-initialization is taking upto 3 hours in some cases. With 5 hubs and 20 replicas to reinitialize, the downtime is unacceptable to the client. If I stop writes to the Master, then export the database to the new box and recreate the New-Master-Hub replication after removing the old Master , will I still need to re-initialize the hubs? Is there any way to do this swap without reinitializing or fooling the hubs and reps into thinking that they are still talking to the same Master albeit on a new machine (same ip address/dns). The client is still using ver. 1.1.2 on Centos 5.4 Thanks, Shar Ker

7 years, 6 months

2
4
0 / 0

Support for apple OS X schema?

by Orion Poplawski

Has any work been done towards supporting Apple OS X ldap schema in 389? It seems like this is the latest OpenLDAP schema for Apple: http://opensource.apple.com/source/OpenLDAP/OpenLDAP-208.1/OpenLDAP/serve... Does anyone know of tools that would populate the various apple specific entries like apple-generateduid? Thanks! -- Orion Poplawski Technical Manager 303-415-9701 x222 NWRA, Boulder Office FAX: 303-415-9702 3380 Mitchell Lane orion(a)nwra.com Boulder, CO 80301 http://www.nwra.com

7 years, 7 months

3
5
0 / 0

Bind localhost to 389, external IP to 636, fails with Local Network address is in use

by Graham Leggett

Hi all, After updating the directory as follows in order to make 389ds listen to localhost:389 and external.ip.address:636 (with SSL), the server refuses to start complaining as follows: [22/Dec/2012:09:32:26 +0000] createprlistensockets - PR_Bind() on 172.20.10.6 port 636 failed: Netscape Portable Runtime error -5982 (Local Network address is in use.) I have checked, nothing is listening to port 636 before the server restart, so the most likely explanation is that 389ds is trying to bind to port 636 twice, and failing on the second go. # set the IP address for unencrypted access dn: cn=config changetype: modify replace: nsslapd-listenhost nsslapd-listenhost: 127.0.0.1 # set the IP address for encrypted access dn: cn=config changetype: modify replace: nsslapd-securelistenhost nsslapd-securelistenhost: 172.20.10.6 Can anyone point out what I am doing wrong above? Regards, Graham --

7 years, 7 months

2
1
0 / 0

Importing certificates during setup-ds.pl - is this possible?

by Graham Leggett

Hi all, I am currently trying to script the setup of a directory using the ConfigFile entry within an INF file, and so far I've hit a snag. In order to enable SSL on the directory, first I must use certutil to import the certificate to be used, otherwise the attempt to add the cn=RSA,cn=encryption,cn=config entry fails saying "No such object". If I set up the directory, then manually add the certificates, then manually enable SSL by adding the cn=RSA,cn=encryption,cn=config entry (and various other SSL related configs), it seems to work fine. Is there some way of getting setup-ds.pl to import a given certificate (p12 file, whatever) when the server is set up, in addition to creating the initial certificate database within /etc/dirsrv/slapd-INSTANCE/? Regards, Graham --

7 years, 7 months

3
5
0 / 0

migrate PDC with Samba3+389ds to SAMBA AD DC (samba4)

by Maurizio Marini

I would migrate a PDC with Samba3+389ds Domain to SAMBA AD DC (samba4). But, to use classic-upgrade tool i need to slapcat ldap tree. https://wiki.samba.org/index.php/Samba4/samba3upgrade/HOWTO # slapcat > backup.ldif can i use this command to get ldif file: /usr/lib/dirsrv/slapd-pdc/db2ldif -n userRoot is it ok with classic-upgrade? someone did it? brgds m.

7 years, 7 months

1
0
0 / 0

Bind localhost to 389, external IP to 636, fails with Local Network address is in use

by Graham Leggett

Hi all, After updating the directory as follows in order to make 389ds listen to localhost:389 and external.ip.address:636 (with SSL), the server refuses to start complaining as follows: [22/Dec/2012:09:32:26 +0000] createprlistensockets - PR_Bind() on 172.20.10.6 port 636 failed: Netscape Portable Runtime error -5982 (Local Network address is in use.) I have checked, nothing is listening to port 636 before the server restart, so the most likely explanation is that 389ds is trying to bind to port 636 twice, and failing on the second go. # set the IP address for unencrypted access dn: cn=config changetype: modify replace: nsslapd-listenhost nsslapd-listenhost: 127.0.0.1 # set the IP address for encrypted access dn: cn=config changetype: modify replace: nsslapd-securelistenhost nsslapd-securelistenhost: 172.20.10.6 Can anyone point out what I am doing wrong above? Regards, Graham --

7 years, 7 months

1
0
0 / 0

Nested groups ldap to PAM

by Deas, Jim

I am about to upgrade our systems to the current version. One of my difficulty's in the old version was the lack of nested groups. Is there a way with the current software to create nested groups in openldap that will be seen properly by the linux PAM module and Mac OSX? Regards, JD

7 years, 7 months

3
6
0 / 0

console X11 issue

by Doug Tucker

I got it installed with the epel. Thanks to Rich for that! Doing an ldapsearch on the base works, yea! I cannot launch the console though. When I try I get this: /usr/bin/389-console -a http://localhost:9830 Exception in thread "main" java.awt.HeadlessException: No X11 DISPLAY variable was set, but this program performed an operation which requires it. at java.awt.GraphicsEnvironment.checkHeadless(GraphicsEnvironment.java:173) at java.awt.Window.<init>(Window.java:477) at java.awt.Frame.<init>(Frame.java:419) at java.awt.Frame.<init>(Frame.java:384) at javax.swing.JFrame.<init>(JFrame.java:174) at com.netscape.management.client.console.Console.<init>(Unknown Source) at com.netscape.management.client.console.Console.main(Unknown Source) Googling reveals people not passing X through their ssh session. I am by ssh -X hostname. I have tried from 2 different X clients and get the same results. Any ideas? -- Sincerely, Doug Tucker

7 years, 7 months

2
2
0 / 0

installation issues

by Doug Tucker

I am baffled. So reading the install documentation at http://directory.fedoraproject.org/wiki/Install_Guide It links to the install guide at redhat.com which indicates to type yum install redhat-ds. Doing so results in nothing on my centos 6.3 machine. The documentation at centos points to the exact same redhat document. I did find another document on centos site for 5.x located here: http://wiki.centos.org/HowTos/DirectoryServerSetup . It says to run yum list 389\* . I did so and there were 3 files available for x86_64. I installed them. Then when I try to run setup-ds-admin.pl, it's not found. Doing: yum whatprovides */setup-ds-admin.pl it results in nothing found. Help! Is there another guide somewhere that will tell me exactly what packages to install? <http://directory.fedoraproject.org/wiki/Install_Guide> -- Sincerely, Doug Tucker

7 years, 7 months

3
10
0 / 0

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

389-users December 2012