Hello,
I'm new to this project and I would like to know how to use DS-389 without the graphical interface in CentOS 6.
Thank you
It will be painful, but you can use ldap* commands and write all actions in LDIF syntax. Look in the directory server admin guide for more detailed information about objectclasses and attributes.
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Hey, thanks for your quick answer. For the moment I installed the 389 console on a Windows XP machine, and I want to know if I can replicate users from AD, knowing that I only use a normal user account and without activating LDAPS?
Thanks for your help
Winsync requires LDAPS for password sync. This domain user needs some privileges in AD - modify, read, write on the synced subtree.
From the DS point of view you configure a normal user account for the needs of sync with AD. This user doesn't need to be in your organization tree. You can place him in cn=config. I usually create an account like cn=adsyncuser, cn=config without objectclasses providing normal system account attributes.
Hope this helps you
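Added example (not part of the original thread or the 389 project's code): since the reply above notes that Winsync requires LDAPS for password sync, this Python script audits Windows sync agreement entries exported as LDIF and flags those still using plaintext LDAP. The sample entries and host names are constructed, the Administrator check is an illustrative heuristic, and treating a missing nsDS5ReplicaTransportInfo as plaintext is an assumption.

```python
import base64

# Constructed sample, shaped like an LDIF export of the agreement entries under
# cn=config. Host names, suffixes and agreement names are invented.
SAMPLE_LDIF = """\
dn: cn=ad-lab,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
objectClass: nsDSWindowsReplicationAgreement
nsDS5ReplicaHost: dc1.ad.example.com
nsDS5ReplicaBindDN: cn=Administrator,cn=Users,dc=ad,
 dc=example,dc=com
nsDS5ReplicaTransportInfo: LDAP
oneWaySync: fromWindows

dn: cn=ad-prod,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
objectClass: nsDSWindowsReplicationAgreement
nsDS5ReplicaHost: dc2.ad.example.com
nsDS5ReplicaBindDN: cn=dssync,cn=Users,dc=ad,dc=example,dc=com
nsDS5ReplicaTransportInfo: SSL

dn: cn=adsyncuser,cn=config
objectClass: person
cn: adsyncuser
sn: adsyncuser
"""

# Assumption: a missing nsDS5ReplicaTransportInfo is treated like "LDAP" (no TLS).
PLAINTEXT = {"", "LDAP"}

def parse_ldif(text):
    """Parse LDIF into a list of {lowercased attribute: [values]} dicts."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # folded line: continue the previous one
            lines[-1] += raw[1:]
        elif not raw.startswith("#"):          # skip comments
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:                  # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):              # "attr:: value" is base64-encoded
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def first(entry, attr):
    """First value of an attribute, or "" when it is absent."""
    return (entry.get(attr.lower()) or [""])[0]

def audit_agreements(ldif_text):
    """Map each Windows sync agreement DN to its findings (empty list = clean)."""
    report = {}
    for entry in parse_ldif(ldif_text):
        classes = {c.lower() for c in entry.get("objectclass", [])}
        if "nsdswindowsreplicationagreement" not in classes:
            continue                           # not a Windows sync agreement
        findings = []
        if first(entry, "nsDS5ReplicaTransportInfo").upper() in PLAINTEXT:
            findings.append("plaintext LDAP: bind credentials and synced entries "
                            "are unencrypted, and password sync will not work")
        if first(entry, "nsDS5ReplicaBindDN").lower().startswith("cn=administrator,"):
            findings.append("binds to AD as Administrator; use a dedicated sync account")
        report[first(entry, "dn")] = findings
    return report

print(audit_agreements(SAMPLE_LDIF))
```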
Hey, I didn't explain exactly what I was doing. I actually have a Windows XP computer with one virtual machine running CentOS 6, which is the 389 server, and since I have no graphical interface on it, I was obliged to install it on Windows. In the other part of the network there is the AD that I want to replicate on my virtual machine. The problem I'm facing now is that when I created a sync agreement (Onewaysync fromWindows) it shows that everything is fine, but I don't have any replicated users; my base is still empty, I have no error, and I don't understand why. So I really would appreciate some help. Thanks
Let me get this right. You have configured the sync service on Windows? What about configuration on the DS part? Did you install certificates? What instructions did you follow?
I did install DS on Linux; I just take control of it from Windows because it's easy to use the graphical interface, and since I just want to see how it works, I just want to do a first sync with a simple connection, no SSL/TLS for the moment.
OK, maybe I didn't quite understand your question, and I think I don't get at all the way this works, because I only have one simple user account in AD with the right of replication and I never made any changes on the AD side. Could this be the reason why nothing works?
Hey, I did install DS on Linux; I just take control of it from Windows because it's easy to use the graphical interface, and since I just want to see how it works, I just want to do a first sync with a simple connection, no SSL/TLS for the moment. Is it possible to populate DS 389 with users from AD with a simple connection?
Thanks for your help
Yes, but it will not be as simple as one LDIF file import from AD.
Here are the details: https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Windows_Sync.html
Thanks for your answer. I actually succeeded with the synchronisation between AD and DS with a simple connection. Now my question: is it possible to integrate a kind of filter to choose the OUs that I want to synchronise or not? For example, I have one OU=computers in AD that I don't want either to copy or to synchronise to my DS 389. Is there a simple way to do that? Thanks again for your help
LDAP allows filtering; this is the format: https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/...
A lot of APIs allow you to use this format. You didn't explain this method of yours, but I guess this might be what you need.
Thanks for your answer
Hello, one more question: how can we synchronize special (multi-valued) attributes like the attributes member and member-of, so that after a sync agreement we can see all of a user's group memberships?
Thanking you in advance for your help
On 04/22/2013 07:02 AM, Aziza Lichir wrote:
> Thanks for your answer. I actually succeeded with the synchronisation between AD and DS with a simple connection. Now my question: is it possible to integrate a kind of filter to choose the OUs that I want to synchronise or not? For example, I have one OU=computers in AD that I don't want either to copy or to synchronise to my DS 389. Is there a simple way to do that?

Just don't create those OUs in 389.
On Apr 17, 2013 4:24 AM, "Aziza Lichir" aziza.lichir@gmail.com wrote:
> Hello,
> I'm new to this project and I would like to know how to use DS-389 without the graphical interface in CentOS 6.
> Thank you

I have had good experience with Apache Directory Studio for managing 389, including cn=config. Most of it still comes down to management via LDIFs, but it has a built-in IDE-type editor for LDIF files which takes away some of the painfulness. I did use the 389 interface at first to see how it created records so I could mimic the defaults.
I did not try doing the initial setup outside the 389 interface, but using it via X11 forwarding worked well.
- Trey