Hello all,
I have a question about FDS and the ability to make a distro/email group. Here is some background. Currently running openldap as my GAL and we want to switch to FDS because the people we sync with all use Exchange. I have FDS 1.0.3 stood up and running. I exported my ldif file from my openldap server which has both email accounts and distro groups. When I imported them into FDS all the email addresses were stripped. At first I thought it was the syntax of the openldap ldif file, and at first it was and I wasn't able to import anything. Now I can import without any errors but no email addresses come up, just user account info.
What did I do wrong?
Thank you in advance,
Adam Valenzuela wrote:
> Hello all,
> I have a question about FDS and the ability to make a distro/email group. Here is some background. Currently running openldap as my GAL and we want to switch to FDS because the people we sync with all use Exchange. I have FDS 1.0.3 stood up and running. I exported my ldif file from my openldap server which has both email accounts and distro groups. When I imported them into FDS all the email addresses were stripped. At first I thought it was the syntax of the openldap ldif file, and at first it was and I wasn't able to import anything. Now I can import without any errors but no email addresses come up, just user account info.
> What did I do wrong?
Did you migrate the access control information from openldap to Fedora DS?
> Thank you in advance,
> -- Thank you, Adam A. Valenzuela
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
I'm trying to create a new group "cn=testgroup" under the "ou=Groups" which is already provided by default. The testgroup has an "entryid" attribute. However, when I try to add the "gidNumber" attribute through the "Add Attribute" Tab, it doesn't seem to be listed.
SWA
You have to add the objectClass first before you can add certain attributes, because they belong to that objectClass.
i.e. the objectClass in your case would be posixGroup; then you can add gidNumber.
Or better yet, if doing lots of object manipulation, I strongly recommend you learn how to edit objects via the command line; it's more powerful and adaptable if you are modifying/adding/deleting several objects in the LDAP directory.
I.e., in your case, Unix groups and membership, which I've documented for reference on my website http://www.csse.uwa.edu.au/~ashley; look at "LDAP HOWTO Fedora Directory Server via Command line".
Cheers then, Ashley
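The objectClass-before-attribute rule from the reply above, as an added example that is not part of the original thread: it checks a change against the posixGroup definition and builds the LDIF modify record that adds the object class and gidNumber in one operation. The suffix dc=example,dc=com, the gidNumber 5000, the entry's existing objectClass values and the helper name build_modify are assumptions; the MUST/MAY lists are the RFC 2307 definition of posixGroup.

```python
# Added example; the schema subset, entry and values below are constructed.
# posixGroup per RFC 2307: MUST cn, gidNumber; MAY userPassword, memberUid, description.
SCHEMA = {
    "posixgroup": {
        "must": {"cn", "gidnumber"},
        "may": {"userpassword", "memberuid", "description"},
    },
}


def build_modify(dn, entry, object_class, new_attrs):
    """Return an LDIF modify record adding object_class and new_attrs to dn.

    entry      -- attributes already on the entry, name -> list of values
    new_attrs  -- attributes to add, name -> list of values
    Raises ValueError if the object class does not allow an attribute or
    one of its required attributes would still be missing.
    """
    oc = SCHEMA.get(object_class.lower())
    if oc is None:
        raise ValueError(f"objectClass not in schema subset: {object_class}")
    current = {name.lower(): values for name, values in entry.items()}
    adding = {name.lower() for name in new_attrs}

    not_allowed = sorted(adding - oc["must"] - oc["may"])
    if not_allowed:
        raise ValueError(f"{object_class} does not allow: {not_allowed}")
    missing = sorted(oc["must"] - set(current) - adding)
    if missing:
        raise ValueError(f"{object_class} requires: {missing}")

    lines = [f"dn: {dn}", "changetype: modify"]
    have = {v.lower() for v in current.get("objectclass", [])}
    if object_class.lower() not in have:
        # The object class goes in first; it is what makes gidNumber legal.
        lines += ["add: objectClass", f"objectClass: {object_class}", "-"]
    for name, values in new_attrs.items():
        lines.append(f"add: {name}")
        lines += [f"{name}: {v}" for v in values]  # assumes plain ASCII values
        lines.append("-")
    return "\n".join(lines) + "\n"


TESTGROUP = {"objectClass": ["top", "groupofuniquenames"], "cn": ["testgroup"]}
LDIF = build_modify("cn=testgroup,ou=Groups,dc=example,dc=com",
                    TESTGROUP, "posixGroup", {"gidNumber": ["5000"]})

if __name__ == "__main__":
    print(LDIF, end="")
```

The printed record is the input you would give to ldapmodify; the server still performs the authoritative schema check.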
I have a Solaris 9 client and have configured it as a client of fds-1.0.4 which runs on RHEL5. Without TLS, the Solaris client authenticates against the fds fine. But, if TLS is enabled on the Sun client, the ldapsearch command runs OK, but authentication fails. The nscd logs the following error message:
Jul 30 13:31:01 thread nscd[1172]: [ID 293258 user.error] libsldap: Status: 91 Mesg: openConnection: failed to initialize TLS security (security library: bad database.)
Jul 30 13:31:01 thread nscd[1172]: [ID 293258 user.error] libsldap: Status: 7 Mesg: Session error no available conn.
I think the problem is related to the certificates on the Sun client but I'm not sure...
Thanks,
SWA
On Mon, 2007-07-30 at 13:44 -0500, Saied W. Andalib wrote:
> I have a Solaris 9 client and have configured it as a client of fds-1.0.4 which runs on RHEL5. Without TLS, the Solaris client authenticates against the fds fine. But, if TLS is enabled on the Sun client, the ldapsearch command runs OK, but authentication fails. The nscd logs the following error message:
> Jul 30 13:31:01 thread nscd[1172]: [ID 293258 user.error] libsldap: Status: 91 Mesg: openConnection: failed to initialize TLS security (security library: bad database.)
> Jul 30 13:31:01 thread nscd[1172]: [ID 293258 user.error] libsldap: Status: 7 Mesg: Session error no available conn.
> I think the problem is related to the certificates on the Sun client but I'm not sure...
> Thanks,
> SWA
Do you have the certs copied to your Solaris client?
There's an example here: http://blogs.sun.com/baban/entry/steps_to_setup_ssl_using
and here: http://directory.fedoraproject.org/wiki/Howto:SolarisClient
I've also seen references that say to point netscape at https://yourserver:636, keep the certificate forever and copy .netscape/{cert7.db,key3.db} to /var/ldap on your Solaris client.
-Steve
The Solaris docs will also be somewhat helpful for this: http://docs.sun.com/app/docs/doc/816-4556/6maort2st?a=view#clientsetup-57
Steve Rigler wrote:
> Do you have the certs copied to your Solaris client?
> There's an example here: http://blogs.sun.com/baban/entry/steps_to_setup_ssl_using
> and here: http://directory.fedoraproject.org/wiki/Howto:SolarisClient
> I've also seen references that say to point netscape at https://yourserver:636, keep the certificate forever and copy .netscape/{cert7.db,key3.db} to /var/ldap on your Solaris client.
> -Steve
Thanks for replying. It works now! My mistake was that I was trying to get the certificates via Netscape with URL "http://fds-server:636", which always refused. The correct URL is "https://fds-server:636".
SWA
we had no aci's on the openldap side.
On 7/16/07, Richard Megginson rmeggins@redhat.com wrote:
> Did you migrate the access control information from openldap to Fedora DS?
Adam Valenzuela wrote:
> we had no aci's on the openldap side.
Can you post a relevant excerpt of the LDIF file you exported from OpenLDAP?
There is company sensitive information inside the ldif so I am unable to send you a copy, but if you tell me what you're looking for I can troll for it.
Adam Valenzuela wrote:
> There is company sensitive information inside the ldif so I am unable to send you a copy, but if you tell me what you're looking for I can troll for it.
Well I'm not exactly sure, but I get the impression that something is wrong.
What people usually do is obscure company sensitive information before posting, e.g.
dn: uid=XXXXX,ou=people,dc=example,dc=com
uid: XXXXX
userPassword: XXXXXXX
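One way to do the obscuring described above, as an added example that is not part of the original thread: it masks every value in an LDIF export but keeps attribute names and objectClass values, so a reader can still see whether the entries carry mail. The sample entries, the function names and the choice to keep ou values are assumptions.

```python
import base64
import re

# Added example; SAMPLE is constructed and is not data from the thread.
KEEP = {"objectclass", "changetype", "version"}  # values needed for diagnosis

SAMPLE = """\
dn: uid=jdoe,ou=People,dc=corp,dc=internal
objectClass: inetOrgPerson
uid: jdoe
cn:: SsO2cmcgRG9l
mail: jdoe@corp.
 internal
userPassword: {SSHA}notARealHash

dn: cn=sales,ou=Groups,dc=corp,dc=internal
objectClass: groupOfNames
member: uid=jdoe,ou=People,dc=corp,dc=internal
mail: sales@corp.internal
"""

def redact_dn(dn):
    """Mask RDN values, keep ou for structure, replace the dc suffix."""
    parts, saw_dc = [], False
    for rdn in re.split(r"(?<!\\),", dn):  # split on unescaped commas
        attr, _, value = rdn.strip().partition("=")
        if attr.lower() == "dc":
            saw_dc = True
        elif attr.lower() == "ou":
            parts.append(f"{attr}={value}")
        else:
            parts.append(f"{attr}=XXXXX")
    return ",".join(parts + (["dc=example,dc=com"] if saw_dc else []))

def redact_ldif(text):
    """Mask all values except KEEP; unfold first so continuation lines cannot leak."""
    out = []
    for line in re.sub(r"\r?\n ", "", text).splitlines():
        attr, sep, value = line.partition(":")
        if line.startswith("#"):
            continue  # comments can carry decoded DNs; drop them
        if not sep:
            out.append(line)  # blank entry separator or "-"
            continue
        if value.startswith(":"):  # "attr:: base64"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        name = attr.split(";")[0].lower()  # ignore options such as ;binary
        if name == "dn":
            out.append("dn: " + redact_dn(value.strip()))
        elif name in KEEP:
            out.append(f"{attr}: {value.strip()}")
        else:
            out.append(f"{attr}: XXXXX")
    return "\n".join(out) + "\n"
```

Calling redact_ldif(SAMPLE) returns both entries with their mail attributes still listed but every value masked, including the folded address.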
OK, let me mod my file and I'll shoot it off to you.
389-users@lists.fedoraproject.org