Michal Rejda wrote:
> -----Original Message-----
> From: fedora-directory-users-bounces(a)redhat.com [mailto:fedora-
> directory-users-bounces(a)redhat.com] On Behalf Of Rich Megginson
> Sent: Tuesday, April 14, 2009 4:25 PM
> To: General discussion list for the Fedora Directory server project.
> Subject: Re: [Fedora-directory-users] LDAP proxy
>
> Michal Rejda wrote:
>> I tried to use http://tinyurl.com/culeft. But the database link
>> doesn't work. I set up the database link to the Active Directory (and
>> OpenLDAP). When I looked into the Wireshark log, FDS sent a search
>> request with controls:
>> 2.16.840.1.113730.3.4.2
>> 2.16.840.1.113730.3.4.12
>> And the AD server responded: Unavailable Critical Extension.
>>
>> I tried to remove these two controls from Database Link Settings (in
>> administration console) but it didn't help. The server didn't return
>> the message above, but the administrative console showed an error dialog.
>
> What error?
>
I tried it again and the error message is exactly:
Error fading object 'dn: dc=example, dc=com'.
The error send by the server was:
".
In the Wireshark log there was still the search request with control:
2.16.840.1.113730.3.4.2
Why is this control needed by the server when I removed it from Database link settings?

I'm not sure - maybe the console is not working correctly. Try this:
1) Shutdown the server
2) cd /etc/dirsrv/slapd-yourinstance
3) edit dse.ldif - look for the entry
dn: cn=config,cn=chaining database,cn=plugins,cn=config
4) edit the nsTransmittedControls attribute - remove 2.16.840.1.113730.3.4.2
5) save and restart the server

>>> Michal Rejda wrote:
>>>> Hi all,
>>>>
>>>> I’m trying to setup proxy on FDS to another LDAP server (OpenLDAP
>>>> and Active Directory). I tried two ways, but none of these works:
>>>>
>>>> 1) New database link to LDAP server.
>>>>
>>>> - The remote LDAP server (OpenLDAP) returns: null. manageDSAit control
>>>> value not found
>>>
>>> You might have to tweak the controls used by chaining - see
>>> http://tinyurl.com/culeft
>>>
>>>> 2) Create multiple-master replication and setup other server as
>>>> consumer.
>>>>
>>>> - But this shows error: 255 Replication error acquiring replica:
>>>> unknown error.
>>>
>>> Replication will only work to a SunDS, not to any other vendor.
>>>
>>>> My question is: Is there way how to setup proxy to access another LDAP
>>>> server from Fedora DS? I know that is possible to use AD sync, but I
>>>> cannot install anything on the AD server. The second reason why I need
>>>> to setup proxy is to use data stored in LDAP server (OpenLDAP, Open
>>>> Directory Server and Active Directory) in one place. I need to update
>>>> them too. It is not necessary to synchronize passwords.
>>>
>>> See also
>>> http://directory.fedoraproject.org/wiki/Howto:OpenldapIntegration
>>>
>>>> Thank you for reply.
>>>>
>>>> Regards,
>>>>
>>>> Michal
>>
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users(a)redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
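
The offline dse.ldif edit from steps 3 and 4 of the reply above, as an added Python example (not part of the original thread and not Fedora DS project code): it removes one OID from nsTransmittedControls in the chaining config entry only, matching the value exactly so that 2.16.840.1.113730.3.4.12 is left in place. The sample LDIF, the ADLink entry and the function names are constructed for illustration; run it against a copy of dse.ldif while the server is stopped.

```python
import re

CHAINING_DN = "cn=config,cn=chaining database,cn=plugins,cn=config"
MANAGE_DSA_IT = "2.16.840.1.113730.3.4.2"  # ManageDsaIT control OID

# Constructed sample, not a real dse.ldif; the ADLink entry is hypothetical.
SAMPLE_DSE = """\
dn: cn=config,cn=chaining database,cn=plugins,cn=config
objectClass: top
objectClass: extensibleObject
cn: config
nsTransmittedControls: 2.16.840.1.113730.3.4.2
nsTransmittedControls: 2.16.840.1.113730.3.4.12

dn: cn=ADLink,cn=chaining database,cn=plugins,cn=config
cn: ADLink
nsFarmServerURL: ldap://ad.example.com:389/
"""

def _norm_dn(dn):
    # DNs compare case-insensitively; naive split is fine here (no escaped commas).
    return ",".join(part.strip().lower() for part in dn.split(","))

def remove_transmitted_control(ldif_text, oid, dn=CHAINING_DN):
    """Return (new_ldif, removed_count) with `oid` dropped from entry `dn` only."""
    entries, removed = [], 0
    for entry in re.split(r"\n{2,}", ldif_text.strip("\n")):
        # LDIF folds long lines: a leading space continues the previous line.
        lines = entry.replace("\n ", "").split("\n")
        is_target = (lines[0].lower().startswith("dn:")
                     and _norm_dn(lines[0][3:]) == _norm_dn(dn))
        if not is_target:
            entries.append(entry)  # every other entry passes through unchanged
            continue
        kept = []
        for line in lines:
            attr, _, value = line.partition(":")
            # Exact value match, so ...3.4.12 survives when removing ...3.4.2.
            if attr.strip().lower() == "nstransmittedcontrols" and value.strip() == oid:
                removed += 1
            else:
                kept.append(line)
        entries.append("\n".join(kept))
    return "\n\n".join(entries) + "\n", removed

if __name__ == "__main__":
    new_text, count = remove_transmitted_control(SAMPLE_DSE, MANAGE_DSA_IT)
    print(f"removed {count} value(s)\n{new_text}")
```

A removed count of 0 means the value was already absent from the file, which points at the console or a cached setting rather than dse.ldif.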