Greetings,
I'm trying to install 389 on Centos 6, following this:
http://directory.fedoraproject.org/wiki/Install_Guide#New_Install
The guide makes it out to be as simple as "configure EPEL, then execute yum install 389-ds".
Instead, the install dies with yum not able to find a dozen or two dependencies, all of them perl, it looks like:
-perl(Setup) -perl (Mozilla::LDAP::Utils) -perl(Resource)
...and so on (Dialog, DSMigration, Migration, DSUpdate etc.)
I've tried both EPEL release, and EPEL testing. I can't seem to find anyone else complaining about these issues, so I'm guessing I'm missing something. Any suggestions?
Thanks! Brett
I think those should pull in from the centos repo shouldn't it?
On Thu, Jul 28, 2011 at 4:14 PM, Brett Dikeman brett.dikeman@gmail.comwrote:
Greetings,
I'm trying to install 389 on Centos 6, following this:
http://directory.fedoraproject.org/wiki/Install_Guide#New_Install
The guide makes it out to be as simple as "configure EPEL, then execute yum install 389-ds".
Instead, the install dies with yum not able to find a dozen or two dependencies, all of them perl, it looks like:
-perl(Setup) -perl (Mozilla::LDAP::Utils) -perl(Resource)
...and so on (Dialog, DSMigration, Migration, DSUpdate etc.)
I've tried both EPEL release, and EPEL testing. I can't seem to find anyone else complaining about these issues, so I'm guessing I'm missing something. Any suggestions?
Thanks! Brett -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
On 07/29/2011 05:14 AM, Brett Dikeman wrote:
Greetings,
I'm trying to install 389 on Centos 6, following this:
http://directory.fedoraproject.org/wiki/Install_Guide#New_Install
The guide makes it out to be as simple as "configure EPEL, then execute yum install 389-ds".
Instead, the install dies with yum not able to find a dozen or two dependencies, all of them perl, it looks like:
-perl(Setup) -perl (Mozilla::LDAP::Utils) -perl(Resource)
...and so on (Dialog, DSMigration, Migration, DSUpdate etc.)
I've tried both EPEL release, and EPEL testing. I can't seem to find anyone else complaining about these issues, so I'm guessing I'm missing something. Any suggestions?
Same thing happening here, on SL6 and CentOS6. So its not just you. Unfortunately I've had to switch to OpenLDAP for a bit until I can get this resolved (probably not for another month...). The weird thing is a lot of 389-ds packages are built and sitting in the EPEL repo, but 389-ds-base isn't present and all that perl madness is just missing. I did find the lack of discussion a little odd -- seems like people would notice this missing.
If anyone knows a magical workaround that would permit a proper 389 install it would be greatly appreciated (like "Geeze, get with it you knuckleheads, its been relabeled to the 390-ds now, duh.").
-Iwao
Just try and locate the repo with those missing packages, unless centos6 hasn't built them or something wierd like that.
2011/7/28 夜神 岩男 supergiantpotato@yahoo.co.jp
On 07/29/2011 05:14 AM, Brett Dikeman wrote:
Greetings,
I'm trying to install 389 on Centos 6, following this:
http://directory.fedoraproject.org/wiki/Install_Guide#New_Install
The guide makes it out to be as simple as "configure EPEL, then execute yum install 389-ds".
Instead, the install dies with yum not able to find a dozen or two dependencies, all of them perl, it looks like:
-perl(Setup) -perl (Mozilla::LDAP::Utils) -perl(Resource)
...and so on (Dialog, DSMigration, Migration, DSUpdate etc.)
I've tried both EPEL release, and EPEL testing. I can't seem to find anyone else complaining about these issues, so I'm guessing I'm missing something. Any suggestions?
Same thing happening here, on SL6 and CentOS6. So its not just you. Unfortunately I've had to switch to OpenLDAP for a bit until I can get this resolved (probably not for another month...). The weird thing is a lot of 389-ds packages are built and sitting in the EPEL repo, but 389-ds-base isn't present and all that perl madness is just missing. I did find the lack of discussion a little odd -- seems like people would notice this missing.
If anyone knows a magical workaround that would permit a proper 389 install it would be greatly appreciated (like "Geeze, get with it you knuckleheads, its been relabeled to the 390-ds now, duh.").
-Iwao
389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
On 07/29/2011 01:10 PM, solarflow99 wrote:
Just try and locate the repo with those missing packages, unless centos6 hasn't built them or something wierd like that.
Nice top post. And thanks for tossing my email address to the world, too. And thanks for the well-researched response.
Sorry, I'm just cranky right now.
2011/7/28 夜神 岩男
On 07/29/2011 05:14 AM, Brett Dikeman wrote: > I'm trying to install 389 on Centos 6 > Instead, the install dies with yum not able to find a dozen or two > dependencies, all of them perl, it looks like: > > -perl(Setup) > -perl (Mozilla::LDAP::Utils) > -perl(Resource) > > ...and so on (Dialog, DSMigration, Migration, DSUpdate etc.) > > I've tried both EPEL release, and EPEL testing. I can't seem to find > anyone else complaining about these issues, so I'm guessing I'm > missing something. Any suggestions? Same thing happening here, on SL6 and CentOS6. So its not just you. Unfortunately I've had to switch to OpenLDAP for a bit until I can get this resolved (probably not for another month...). The weird thing is a lot of 389-ds packages are built and sitting in the EPEL repo, but 389-ds-base isn't present and all that perl madness is just missing. I did find the lack of discussion a little odd -- seems like people would notice this missing.
EPEL != ( SL || CentOS)
389 DS is not part of the distro so this isn't the problem. 389 has interesting perl dependencies which are not simple to resolve because they don't live in the codebase released by RH (Mozilla NSS LDAP API stuff, etc). Unless someone knows a better way, or if I get to the bottom of the issue and there's a better solution, this may require some Fedora-package magic to prevent pulling perl packages on top of existing repo rpms and things through cpan (for servers with nothing installed is there even a clear cpan dependency progression from -nothing- to having Mozilla::LDAP::API?)...
-Iwao
On Jul 29, 2011, at 12:10 AM, solarflow99 wrote:
Just try and locate the repo with those missing packages, unless centos6 hasn't built them or something wierd like that.
2011/7/28 夜神 岩男 supergiantpotato@yahoo.co.jp On 07/29/2011 05:14 AM, Brett Dikeman wrote:
Greetings,
I'm trying to install 389 on Centos 6, following this:
http://directory.fedoraproject.org/wiki/Install_Guide#New_Install
The guide makes it out to be as simple as "configure EPEL, then execute yum install 389-ds".
Instead, the install dies with yum not able to find a dozen or two dependencies, all of them perl, it looks like:
-perl(Setup) -perl (Mozilla::LDAP::Utils) -perl(Resource)
...and so on (Dialog, DSMigration, Migration, DSUpdate etc.)
I've tried both EPEL release, and EPEL testing. I can't seem to find anyone else complaining about these issues, so I'm guessing I'm missing something. Any suggestions?
Same thing happening here, on SL6 and CentOS6. So its not just you. Unfortunately I've had to switch to OpenLDAP for a bit until I can get this resolved (probably not for another month...). The weird thing is a lot of 389-ds packages are built and sitting in the EPEL repo, but 389-ds-base isn't present and all that perl madness is just missing. I did find the lack of discussion a little odd -- seems like people would notice this missing.
If anyone knows a magical workaround that would permit a proper 389 install it would be greatly appreciated (like "Geeze, get with it you knuckleheads, its been relabeled to the 390-ds now, duh.").
-Iwao
389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
I completed a 389-ds setup this week, my working configuration uses the following:
On Red Hat x86_64 Server.....
389-admin.x86_64 1.1.20-1.el6 @epel6-testing-x86_64 389-admin-console.noarch 1.1.7-1.el6 @epel6-testing-x86_64 389-admin-console-doc.noarch 1.1.7-1.el6 @epel6-testing-x86_64 389-adminutil.x86_64 1.1.14-2.el6 @epel6-testing-x86_64 389-console.noarch 1.1.7-1.el6 @epel6-x86_64 389-ds.noarch 1.2.2-1.el6 @epel6-testing-x86_64 389-ds-base.x86_64 1.2.9-0.2.a2.el6 @epel-testing-389-ds-base 389-ds-base-libs.x86_64 1.2.9-0.2.a2.el6 @epel-testing-389-ds-base 389-ds-console.noarch 1.2.6-1.el6 @epel6-testing-x86_64 389-ds-console-doc.noarch 1.2.6-1.el6 @epel6-testing-x86_64 389-dsgw.x86_64 1.1.7-1.el6 @epel6-testing-x86_64
Here is a list of the repositories I'm using....
epel-389-ds-base epel-testing-389-ds-base epel6-testing-x86_64 epel6-x86_64 rhel-x86_64-server-6 rhel-x86_64-server-optional-6 rhel-x86_64-server-supplementary-6 rhn-tools-rhel-x86_64-server-6
Leo Pleiman Sr. Manager, Systems Architecture Salsa Labs, Ingredients for Organizing lpleiman@salsalabs.com 410.688.3873
Brett Dikeman wrote:
Greetings,
I'm trying to install 389 on Centos 6, following this:
http://directory.fedoraproject.org/wiki/Install_Guide#New_Install
The guide makes it out to be as simple as "configure EPEL, then execute yum install 389-ds".
Instead, the install dies with yum not able to find a dozen or two dependencies, all of them perl, it looks like:
-perl(Setup) -perl (Mozilla::LDAP::Utils) -perl(Resource)
...and so on (Dialog, DSMigration, Migration, DSUpdate etc.)
I've tried both EPEL release, and EPEL testing. I can't seem to find anyone else complaining about these issues, so I'm guessing I'm missing something. Any suggestions?
Don't take this as authoritative, I'm not on the 389-ds team.
I think the problem is that 389-ds-base was added to RHEL as a base package in 6.1 so if it gets added to epel there is going to be a conflict.
You can probably get the missing src rpms from ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/
Finding the right package for perl dependencies seems to be more an art than a skill. The names don't always line up nicely. One hint is that the DS* requirements are provided by 389-ds-base itself.
rob
On Fri, Jul 29, 2011 at 8:36 AM, Rob Crittenden rcritten@redhat.com wrote:
Don't take this as authoritative, I'm not on the 389-ds team.
I think the problem is that 389-ds-base was added to RHEL as a base package in 6.1 so if it gets added to epel there is going to be a conflict.
Centos 6 is based off RHEL 6 with backported security updates from 6.1, I believe.
Brett
On Jul 29, 2011, at 11:59 AM, Brett Dikeman wrote:
On Fri, Jul 29, 2011 at 8:36 AM, Rob Crittenden rcritten@redhat.com wrote:
Don't take this as authoritative, I'm not on the 389-ds team.
I think the problem is that 389-ds-base was added to RHEL as a base package in 6.1 so if it gets added to epel there is going to be a conflict.
Centos 6 is based off RHEL 6 with backported security updates from 6.1, I believe.
Brett
389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Rumor has it there has been a mass exodus from Centos and the ports may be a little behind. You might want to look at Scientific Linux.
On Fri, Jul 29, 2011 at 12:02 PM, Leo Pleiman lpleiman@salsalabs.com wrote:
Rumor has it there has been a mass exodus from Centos and the ports may be a little behind. You might want to look at Scientific Linux.
I just tried SL 6.1. I did a 'basic server' clean install.
The epel-389-ds-base repo (as recommended here http://directory.fedoraproject.org/wiki/Download ) contains a URL which doesn't work (it's based off of $releasever, which on SL 6.1 is...6.1, not "6"! RHEL 6.1 has been out since May, it'd be nice if this was fixed.)
The URL in the file also isn't correct for the testing repo; it's trying to access:
/repos/rmeggins/389-ds-base/testing/epel-6/x86_64/repodata/repomd.xml
...and the correct URL, based on browsing the site in question, is:
/repos/rmeggins/389-ds-base/epel-6/testing/x86_64/repodata/repomd.xml
Amazingly, finally, it all seems to have installed.
-B
Brett Dikeman wrote:
On Fri, Jul 29, 2011 at 12:02 PM, Leo Pleimanlpleiman@salsalabs.com wrote:
Rumor has it there has been a mass exodus from Centos and the ports may be a little behind. You might want to look at Scientific Linux.
I just tried SL 6.1. I did a 'basic server' clean install.
The epel-389-ds-base repo (as recommended here http://directory.fedoraproject.org/wiki/Download ) contains a URL which doesn't work (it's based off of $releasever, which on SL 6.1 is...6.1, not "6"! RHEL 6.1 has been out since May, it'd be nice if this was fixed.)
Keep in mind this is the EPEL repo and not the SL repo.
The URL in the file also isn't correct for the testing repo; it's trying to access:
/repos/rmeggins/389-ds-base/testing/epel-6/x86_64/repodata/repomd.xml
...and the correct URL, based on browsing the site in question, is:
/repos/rmeggins/389-ds-base/epel-6/testing/x86_64/repodata/repomd.xml
Amazingly, finally, it all seems to have installed.
-B
389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Anyone know if this has been fixed yet? --- Steven Santos Director P: 617-527-0667 F: 617-934-1870 E: Steven@SimplyCircus.com
Simply Circus, Inc. 86 Los Angeles Street Newton, MA 02462
On Fri, Jul 29, 2011 at 6:26 PM, Rob Crittenden rcritten@redhat.com wrote:
Brett Dikeman wrote:
On Fri, Jul 29, 2011 at 12:02 PM, Leo Pleimanlpleiman@salsalabs.com wrote:
Rumor has it there has been a mass exodus from Centos and the ports may be a little behind. You might want to look at Scientific Linux.
I just tried SL 6.1. I did a 'basic server' clean install.
The epel-389-ds-base repo (as recommended here http://directory.fedoraproject.org/wiki/Download ) contains a URL which doesn't work (it's based off of $releasever, which on SL 6.1 is...6.1, not "6"! RHEL 6.1 has been out since May, it'd be nice if this was fixed.)
Keep in mind this is the EPEL repo and not the SL repo.
The URL in the file also isn't correct for the testing repo; it's trying to access:
/repos/rmeggins/389-ds-base/testing/epel-6/x86_64/repodata/repomd.xml
...and the correct URL, based on browsing the site in question, is:
/repos/rmeggins/389-ds-base/epel-6/testing/x86_64/repodata/repomd.xml
Amazingly, finally, it all seems to have installed.
-B
389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
On 07/29/2011 03:49 PM, Brett Dikeman wrote:
On Fri, Jul 29, 2011 at 12:02 PM, Leo Pleimanlpleiman@salsalabs.com wrote:
Rumor has it there has been a mass exodus from Centos and the ports may be a little behind. You might want to look at Scientific Linux.
I just tried SL 6.1. I did a 'basic server' clean install.
The epel-389-ds-base repo (as recommended here http://directory.fedoraproject.org/wiki/Download ) contains a URL which doesn't work (it's based off of $releasever, which on SL 6.1 is...6.1, not "6"! RHEL 6.1 has been out since May, it'd be nice if this was fixed.)
Fixed.
The URL in the file also isn't correct for the testing repo; it's trying to access:
/repos/rmeggins/389-ds-base/testing/epel-6/x86_64/repodata/repomd.xml
...and the correct URL, based on browsing the site in question, is:
/repos/rmeggins/389-ds-base/epel-6/testing/x86_64/repodata/repomd.xml
Fixed.
Amazingly, finally, it all seems to have installed.
EL6 support is . . . tricky. We will not provide support for 6.0 - too many missing dependencies. With RHEL6.1, since the 389-ds-base package is provided by the base OS, we cannot provide them via EPEL, hence the use of the private developer repo at fedorapeople.org. The other "problem" with EL6 is that the 389-ds-base package is not the full package - it is missing the replication and windows sync bits (hence the problem with the missing repl-monitor.pl). You have to pay extra for the ds-replication package in RHEL6 - right now it is available as a "tech preview" from your local sales rep. The 389-ds-base package from fedorapeople.org does have the replication bits.
So, to summarize, if you want the full 389 ds/admin/console on EL6: 1) you must use EL 6.1 or later 2) you must use 389-ds-base from the fedorapeople.org repo 3) you must use EPEL6 for the other packages
-B
Hi,
I Have to wonder if you are going this far to run 389 on RHEL 6.1 that you dont go a little further and try FreeIPA which is also a tech preview in 6.1.
regards
Steven ________________________________________ From: 389-users-bounces@lists.fedoraproject.org [389-users-bounces@lists.fedoraproject.org] on behalf of Rich Megginson [rmeggins@redhat.com] Sent: Tuesday, 2 August 2011 11:17 a.m. To: Brett Dikeman Cc: General discussion list for the 389 Directory server project. Subject: Re: [389-users] Centos 6?
On 07/29/2011 03:49 PM, Brett Dikeman wrote:
On Fri, Jul 29, 2011 at 12:02 PM, Leo Pleimanlpleiman@salsalabs.com wrote:
Rumor has it there has been a mass exodus from Centos and the ports may be a little behind. You might want to look at Scientific Linux.
I just tried SL 6.1. I did a 'basic server' clean install.
The epel-389-ds-base repo (as recommended here http://directory.fedoraproject.org/wiki/Download ) contains a URL which doesn't work (it's based off of $releasever, which on SL 6.1 is...6.1, not "6"! RHEL 6.1 has been out since May, it'd be nice if this was fixed.)
Fixed.
The URL in the file also isn't correct for the testing repo; it's trying to access:
/repos/rmeggins/389-ds-base/testing/epel-6/x86_64/repodata/repomd.xml
...and the correct URL, based on browsing the site in question, is:
/repos/rmeggins/389-ds-base/epel-6/testing/x86_64/repodata/repomd.xml
Fixed.
Amazingly, finally, it all seems to have installed.
EL6 support is . . . tricky. We will not provide support for 6.0 - too many missing dependencies. With RHEL6.1, since the 389-ds-base package is provided by the base OS, we cannot provide them via EPEL, hence the use of the private developer repo at fedorapeople.org. The other "problem" with EL6 is that the 389-ds-base package is not the full package - it is missing the replication and windows sync bits (hence the problem with the missing repl-monitor.pl). You have to pay extra for the ds-replication package in RHEL6 - right now it is available as a "tech preview" from your local sales rep. The 389-ds-base package from fedorapeople.org does have the replication bits.
So, to summarize, if you want the full 389 ds/admin/console on EL6: 1) you must use EL 6.1 or later 2) you must use 389-ds-base from the fedorapeople.org repo 3) you must use EPEL6 for the other packages
-B
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Can you talk to me about FreeIPA?
What is it?
What are the benefits of it?
Does it have a web page? --- Steven Santos Director P: 617-527-0667 F: 617-934-1870 E: Steven@SimplyCircus.com
Simply Circus, Inc. 86 Los Angeles Street Newton, MA 02462
On Mon, Aug 1, 2011 at 8:46 PM, Steven Jones Steven.Jones@vuw.ac.nz wrote:
Hi,
I Have to wonder if you are going this far to run 389 on RHEL 6.1 that you dont go a little further and try FreeIPA which is also a tech preview in 6.1.
regards
Steven ________________________________________ From: 389-users-bounces@lists.fedoraproject.org [389-users-bounces@lists.fedoraproject.org] on behalf of Rich Megginson [rmeggins@redhat.com] Sent: Tuesday, 2 August 2011 11:17 a.m. To: Brett Dikeman Cc: General discussion list for the 389 Directory server project. Subject: Re: [389-users] Centos 6?
On 07/29/2011 03:49 PM, Brett Dikeman wrote:
On Fri, Jul 29, 2011 at 12:02 PM, Leo Pleimanlpleiman@salsalabs.com wrote:
Rumor has it there has been a mass exodus from Centos and the ports may be a little behind. You might want to look at Scientific Linux.
I just tried SL 6.1. I did a 'basic server' clean install.
The epel-389-ds-base repo (as recommended here http://directory.fedoraproject.org/wiki/Download ) contains a URL which doesn't work (it's based off of $releasever, which on SL 6.1 is...6.1, not "6"! RHEL 6.1 has been out since May, it'd be nice if this was fixed.)
Fixed.
The URL in the file also isn't correct for the testing repo; it's trying to access:
/repos/rmeggins/389-ds-base/testing/epel-6/x86_64/repodata/repomd.xml
...and the correct URL, based on browsing the site in question, is:
/repos/rmeggins/389-ds-base/epel-6/testing/x86_64/repodata/repomd.xml
Fixed.
Amazingly, finally, it all seems to have installed.
EL6 support is . . . tricky. We will not provide support for 6.0 - too many missing dependencies. With RHEL6.1, since the 389-ds-base package is provided by the base OS, we cannot provide them via EPEL, hence the use of the private developer repo at fedorapeople.org. The other "problem" with EL6 is that the 389-ds-base package is not the full package - it is missing the replication and windows sync bits (hence the problem with the missing repl-monitor.pl). You have to pay extra for the ds-replication package in RHEL6 - right now it is available as a "tech preview" from your local sales rep. The 389-ds-base package from fedorapeople.org does have the replication bits.
So, to summarize, if you want the full 389 ds/admin/console on EL6:
- you must use EL 6.1 or later
- you must use 389-ds-base from the fedorapeople.org repo
- you must use EPEL6 for the other packages
-B
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Hi,
www.freeipa.org
At present I am going to evaluate FreeIPA, Openldap and AD as possible solutions for us.
For freeipa my understanding is its released in 6.2 which is about November time so looking at it now seems a good idea, 3 months will fly by.
1) It has a very nice gui, simple to use. 2) Its pretty simple to install, almost as simple as typing dcpromo 3) Its very easy to get RHEL 6.1 clients to join it. 4) Its policy based where you can set rules based on source say user groups, applications say ssh allow or deny and then targets say server OUs.
So fa its the best thing Ive seen.
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
________________________________________ From: 389-users-bounces@lists.fedoraproject.org [389-users-bounces@lists.fedoraproject.org] on behalf of Steven Santos [Steven@simplycircus.com] Sent: Tuesday, 2 August 2011 1:04 p.m. To: General discussion list for the 389 Directory server project. Subject: Re: [389-users] Centos 6?
Can you talk to me about FreeIPA?
What is it?
What are the benefits of it?
Does it have a web page? --- Steven Santos Director P: 617-527-0667 F: 617-934-1870 E: Steven@SimplyCircus.com
Simply Circus, Inc. 86 Los Angeles Street Newton, MA 02462
On Mon, Aug 1, 2011 at 8:46 PM, Steven Jones Steven.Jones@vuw.ac.nz wrote:
Hi,
I Have to wonder if you are going this far to run 389 on RHEL 6.1 that you dont go a little further and try FreeIPA which is also a tech preview in 6.1.
regards
Steven ________________________________________ From: 389-users-bounces@lists.fedoraproject.org [389-users-bounces@lists.fedoraproject.org] on behalf of Rich Megginson [rmeggins@redhat.com] Sent: Tuesday, 2 August 2011 11:17 a.m. To: Brett Dikeman Cc: General discussion list for the 389 Directory server project. Subject: Re: [389-users] Centos 6?
On 07/29/2011 03:49 PM, Brett Dikeman wrote:
On Fri, Jul 29, 2011 at 12:02 PM, Leo Pleimanlpleiman@salsalabs.com wrote:
Rumor has it there has been a mass exodus from Centos and the ports may be a little behind. You might want to look at Scientific Linux.
I just tried SL 6.1. I did a 'basic server' clean install.
The epel-389-ds-base repo (as recommended here http://directory.fedoraproject.org/wiki/Download ) contains a URL which doesn't work (it's based off of $releasever, which on SL 6.1 is...6.1, not "6"! RHEL 6.1 has been out since May, it'd be nice if this was fixed.)
Fixed.
The URL in the file also isn't correct for the testing repo; it's trying to access:
/repos/rmeggins/389-ds-base/testing/epel-6/x86_64/repodata/repomd.xml
...and the correct URL, based on browsing the site in question, is:
/repos/rmeggins/389-ds-base/epel-6/testing/x86_64/repodata/repomd.xml
Fixed.
Amazingly, finally, it all seems to have installed.
EL6 support is . . . tricky. We will not provide support for 6.0 - too many missing dependencies. With RHEL6.1, since the 389-ds-base package is provided by the base OS, we cannot provide them via EPEL, hence the use of the private developer repo at fedorapeople.org. The other "problem" with EL6 is that the 389-ds-base package is not the full package - it is missing the replication and windows sync bits (hence the problem with the missing repl-monitor.pl). You have to pay extra for the ds-replication package in RHEL6 - right now it is available as a "tech preview" from your local sales rep. The 389-ds-base package from fedorapeople.org does have the replication bits.
So, to summarize, if you want the full 389 ds/admin/console on EL6:
- you must use EL 6.1 or later
- you must use 389-ds-base from the fedorapeople.org repo
- you must use EPEL6 for the other packages
-B
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
On Tue, 2011-08-02 at 01:31 +0000, Steven Jones wrote:
Hi,
www.freeipa.org
At present I am going to evaluate FreeIPA, Openldap and AD as possible solutions for us.
For freeipa my understanding is its released in 6.2 which is about November time so looking at it now seems a good idea, 3 months will fly by.
- It has a very nice gui, simple to use.
- Its pretty simple to install, almost as simple as typing dcpromo
- Its very easy to get RHEL 6.1 clients to join it.
- Its policy based where you can set rules based on source say user groups, applications say ssh allow or deny and then targets say server OUs.
So fa its the best thing Ive seen.
<snip> I last looked at FreeIPA about two years ago. It looked great but was still very, very immature. Is it ready for production yet?
Hi,
It has come a long way in 2 years, IMHO. It maybe a little fresh still for production in some ways, hence we will look at it and kick it tyres in a POC (proof of concept), but I have huge pressures to put something in. There are several aspects to consider, from our perspective our admin users are very...uh...diverse in their skill set so ease of use is a biggee as is phone support from someone like RH. Some swings and roundabouts will be evident but that's the same for all products.
For instance comparing products, so far I've tried
Sun's IdM, the gui wouldnt work, Sun's reply we dont know why, install it on solaris and come back....uh no thanks.... Oracle's IdM and in 6 weeks couldn't get it installed, Oracle wanted 30k for training, $300 and hour for support and $150k to install and set it up.....crazy money. I tried 389, complex early documentation (7.1 I think it was), no support though. RDS, not available in NZ. win2k3R2 AD, 4 days no workie, gave up. win2k8R2 AD, worked straight off, doesnt look like its got much management capability though. FreeIPA up and running in a few days.....lots of management.
So, so far IPA is looking better than most of what I've looked at, say the top 3.
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
8><------.
<snip> I last looked at FreeIPA about two years ago. It looked great but was still very, very immature. Is it ready for production yet?
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
On Tue, 2011-08-02 at 02:31 +0000, Steven Jones wrote:
Hi,
It has come a long way in 2 years, IMHO. It maybe a little fresh still for production in some ways, hence we will look at it and kick it tyres in a POC (proof of concept), but I have huge pressures to put something in. There are several aspects to consider, from our perspective our admin users are very...uh...diverse in their skill set so ease of use is a biggee as is phone support from someone like RH. Some swings and roundabouts will be evident but that's the same for all products.
For instance comparing products, so far I've tried
Sun's IdM, the gui wouldnt work, Sun's reply we dont know why, install it on solaris and come back....uh no thanks.... Oracle's IdM and in 6 weeks couldn't get it installed, Oracle wanted 30k for training, $300 and hour for support and $150k to install and set it up.....crazy money. I tried 389, complex early documentation (7.1 I think it was), no support though. RDS, not available in NZ. win2k3R2 AD, 4 days no workie, gave up. win2k8R2 AD, worked straight off, doesnt look like its got much management capability though. FreeIPA up and running in a few days.....lots of management.
So, so far IPA is looking better than most of what I've looked at, say the top 3.
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
8><------.
<snip> I last looked at FreeIPA about two years ago. It looked great but was still very, very immature. Is it ready for production yet?
<snip> Very helpful. Thanks - John
On 2 August 2011 09:17, Rich Megginson rmeggins@redhat.com wrote:
So, to summarize, if you want the full 389 ds/admin/console on EL6:
- you must use EL 6.1 or later
- you must use 389-ds-base from the fedorapeople.org repo
- you must use EPEL6 for the other packages
Thanks for the summary. This should probably be copied into the Wiki/FAQ section, IMHO.
Does the requirement for a payment for the replication feature mean that I should start looking elsewhere for my LDAP needs, if I want to stick to FOSS CentOS and robust LDAP solutions? Or will the people in this forum keep maintaining a fully-functional open-source version?
389's multi-master replication and general stability are a killer feature from my perspective.
Thanks,
--Amos
On Mon, Aug 1, 2011 at 9:54 PM, Penedo penedo@gmail.com wrote:
On 2 August 2011 09:17, Rich Megginson rmeggins@redhat.com wrote:
So, to summarize, if you want the full 389 ds/admin/console on EL6:
- you must use EL 6.1 or later
- you must use 389-ds-base from the fedorapeople.org repo
- you must use EPEL6 for the other packages
Thanks for the summary. This should probably be copied into the Wiki/FAQ section, IMHO.
Does the requirement for a payment for the replication feature mean that I should start looking elsewhere for my LDAP needs, if I want to stick to FOSS CentOS and robust LDAP solutions? Or will the people in this forum keep maintaining a fully-functional open-source version?
389's multi-master replication and general stability are a killer feature from my perspective.
sure, I can add this is the FAQ. I am surprised that 389 has such issues in rhel6, I thought it was only Redhat Directory Server (the paid supported version of 389) that would have extras and optional features.
On 08/01/2011 07:54 PM, Penedo wrote:
On 2 August 2011 09:17, Rich Megginsonrmeggins@redhat.com wrote:
So, to summarize, if you want the full 389 ds/admin/console on EL6:
- you must use EL 6.1 or later
- you must use 389-ds-base from the fedorapeople.org repo
- you must use EPEL6 for the other packages
Thanks for the summary. This should probably be copied into the Wiki/FAQ section, IMHO.
Does the requirement for a payment for the replication feature mean that I should start looking elsewhere for my LDAP needs, if I want to stick to FOSS CentOS and robust LDAP solutions? Or will the people in this forum keep maintaining a fully-functional open-source version?
We will keep maintaining a fully-functional open-source version. We will continue to provide binaries for Fedora/EPEL.
389's multi-master replication and general stability are a killer feature from my perspective.
Thanks,
--Amos
389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
On 2 August 2011 12:42, Rich Megginson rmeggins@redhat.com wrote:
On 08/01/2011 07:54 PM, Penedo wrote:
Does the requirement for a payment for the replication feature mean that I should start looking elsewhere for my LDAP needs, if I want to stick to FOSS CentOS and robust LDAP solutions? Or will the people in this forum keep maintaining a fully-functional open-source version?
We will keep maintaining a fully-functional open-source version. We will continue to provide binaries for Fedora/EPEL.
Would this include multi-master, as it is now or another implementation?
Thanks again,
--Amos
On 08/01/2011 09:41 PM, Penedo wrote:
On 2 August 2011 12:42, Rich Megginsonrmeggins@redhat.com wrote:
On 08/01/2011 07:54 PM, Penedo wrote:
Does the requirement for a payment for the replication feature mean that I should start looking elsewhere for my LDAP needs, if I want to stick to FOSS CentOS and robust LDAP solutions? Or will the people in this forum keep maintaining a fully-functional open-source version?
We will keep maintaining a fully-functional open-source version. We will continue to provide binaries for Fedora/EPEL.
Would this include multi-master, as it is now or another implementation?
Yes. The separate ds-replication package is only for RHEL and RHDS customers.
Thanks again,
--Amos
Rich,
Trying to install 389-ds-base from your repo on SL 6.1 x86_64 and getting:
$ sudo yum install 389-ds-base --enablerepo=epel-testing Loaded plugins: refresh-packagekit Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package 389-ds-base.x86_64 0:1.2.8.3-1.el6 will be installed --> Processing Dependency: 389-ds-base-libs = 1.2.8.3-1.el6 for package: 389-ds-base-1.2.8.3-1.el6.x86_64 --> Processing Dependency: libslapd.so.0()(64bit) for package: 389-ds-base-1.2.8.3-1.el6.x86_64 --> Running transaction check ---> Package 389-ds-base-libs.x86_64 0:1.2.8.3-1.el6 will be installed --> Processing Conflict: 389-ds-base-1.2.8.3-1.el6.x86_64 conflicts selinux-policy-base < 3.9.7-11 --> Finished Dependency Resolution Error: 389-ds-base conflicts with selinux-policy-targeted You could try using --skip-broken to work around the problem You could try running: rpm -Va --nofiles --nodigest
Installed Packages Name : selinux-policy-targeted Arch : noarch Version : 3.7.19 Release : 93.el6_1.2 Size : 2.8 M Repo : installed
From repo : sl-security
Summary : SELinux targeted base policy URL : http://oss.tresys.com/repos/refpolicy/ License : GPLv2+ Description : SELinux Reference policy targeted base module.
My selinux policy too new?
Thanks, Aaron Hagopian
On Tue, Aug 2, 2011 at 9:04 AM, Rich Megginson rmeggins@redhat.com wrote:
On 08/01/2011 09:41 PM, Penedo wrote:
On 2 August 2011 12:42, Rich Megginsonrmeggins@redhat.com wrote:
On 08/01/2011 07:54 PM, Penedo wrote:
Does the requirement for a payment for the replication feature mean that I should start looking elsewhere for my LDAP needs, if I want to stick to FOSS CentOS and robust LDAP solutions? Or will the people in this forum keep maintaining a fully-functional open-source version?
We will keep maintaining a fully-functional open-source version. We
will
continue to provide binaries for Fedora/EPEL.
Would this include multi-master, as it is now or another implementation?
Yes. The separate ds-replication package is only for RHEL and RHDS customers.
Thanks again,
--Amos
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
On 08/05/2011 12:36 PM, Aaron Hagopian wrote:
Rich,
Trying to install 389-ds-base from your repo on SL 6.1 x86_64 and getting:
$ sudo yum install 389-ds-base --enablerepo=epel-testing Loaded plugins: refresh-packagekit Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package 389-ds-base.x86_64 0:1.2.8.3-1.el6 will be installed --> Processing Dependency: 389-ds-base-libs = 1.2.8.3-1.el6 for package: 389-ds-base-1.2.8.3-1.el6.x86_64 --> Processing Dependency: libslapd.so.0()(64bit) for package: 389-ds-base-1.2.8.3-1.el6.x86_64 --> Running transaction check ---> Package 389-ds-base-libs.x86_64 0:1.2.8.3-1.el6 will be installed --> Processing Conflict: 389-ds-base-1.2.8.3-1.el6.x86_64 conflicts selinux-policy-base < 3.9.7-11 --> Finished Dependency Resolution Error: 389-ds-base conflicts with selinux-policy-targeted You could try using --skip-broken to work around the problem You could try running: rpm -Va --nofiles --nodigest
Installed Packages Name : selinux-policy-targeted Arch : noarch Version : 3.7.19 Release : 93.el6_1.2 Size : 2.8 M Repo : installed From repo : sl-security Summary : SELinux targeted base policy URL : http://oss.tresys.com/repos/refpolicy/ License : GPLv2+ Description : SELinux Reference policy targeted base module.
My selinux policy too new?
No. The problem is that 1.2.8.3 doesn't work. Try the latest 1.2.9.x from the testing repo.
Thanks, Aaron Hagopian
On Tue, Aug 2, 2011 at 9:04 AM, Rich Megginson <rmeggins@redhat.com mailto:rmeggins@redhat.com> wrote:
On 08/01/2011 09:41 PM, Penedo wrote: > On 2 August 2011 12:42, Rich Megginson<rmeggins@redhat.com <mailto:rmeggins@redhat.com>> wrote: >> On 08/01/2011 07:54 PM, Penedo wrote: >>> Does the requirement for a payment for the replication feature mean >>> that I should start looking elsewhere for my LDAP needs, if I want to >>> stick to FOSS CentOS and robust LDAP solutions? Or will the people in >>> this forum keep maintaining a fully-functional open-source version? >> We will keep maintaining a fully-functional open-source version. We will >> continue to provide binaries for Fedora/EPEL. > Would this include multi-master, as it is now or another implementation? Yes. The separate ds-replication package is only for RHEL and RHDS customers. > Thanks again, > > --Amos -- 389 users mailing list 389-users@lists.fedoraproject.org <mailto:389-users@lists.fedoraproject.org> https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Thank you, I was able to install 1.2.9 from the testing repo.
On Mon, Aug 8, 2011 at 9:49 AM, Rich Megginson rmeggins@redhat.com wrote:
** On 08/05/2011 12:36 PM, Aaron Hagopian wrote:
Rich,
Trying to install 389-ds-base from your repo on SL 6.1 x86_64 and getting:
$ sudo yum install 389-ds-base --enablerepo=epel-testing Loaded plugins: refresh-packagekit Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package 389-ds-base.x86_64 0:1.2.8.3-1.el6 will be installed --> Processing Dependency: 389-ds-base-libs = 1.2.8.3-1.el6 for package: 389-ds-base-1.2.8.3-1.el6.x86_64 --> Processing Dependency: libslapd.so.0()(64bit) for package: 389-ds-base-1.2.8.3-1.el6.x86_64 --> Running transaction check ---> Package 389-ds-base-libs.x86_64 0:1.2.8.3-1.el6 will be installed --> Processing Conflict: 389-ds-base-1.2.8.3-1.el6.x86_64 conflicts selinux-policy-base < 3.9.7-11 --> Finished Dependency Resolution Error: 389-ds-base conflicts with selinux-policy-targeted You could try using --skip-broken to work around the problem You could try running: rpm -Va --nofiles --nodigest
Installed Packages Name : selinux-policy-targeted Arch : noarch Version : 3.7.19 Release : 93.el6_1.2 Size : 2.8 M Repo : installed From repo : sl-security Summary : SELinux targeted base policy URL : http://oss.tresys.com/repos/refpolicy/ License : GPLv2+ Description : SELinux Reference policy targeted base module.
My selinux policy too new?
No. The problem is that 1.2.8.3 doesn't work. Try the latest 1.2.9.x from the testing repo.
Thanks, Aaron Hagopian
On Tue, Aug 2, 2011 at 9:04 AM, Rich Megginson rmeggins@redhat.comwrote:
On 08/01/2011 09:41 PM, Penedo wrote:
On 2 August 2011 12:42, Rich Megginsonrmeggins@redhat.com wrote:
On 08/01/2011 07:54 PM, Penedo wrote:
Does the requirement for a payment for the replication feature mean that I should start looking elsewhere for my LDAP needs, if I want to stick to FOSS CentOS and robust LDAP solutions? Or will the people in this forum keep maintaining a fully-functional open-source version?
We will keep maintaining a fully-functional open-source version. We
will
continue to provide binaries for Fedora/EPEL.
Would this include multi-master, as it is now or another implementation?
Yes. The separate ds-replication package is only for RHEL and RHDS customers.
Thanks again,
--Amos
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list389-users@lists.fedoraproject.orghttps://admin.fedoraproject.org/mailman/listinfo/389-users
On Mon, Aug 1, 2011 at 7:17 PM, Rich Megginson rmeggins@redhat.com wrote:
Fixed.
Fixed.
Amazingly, finally, it all seems to have installed.
EL6 support is . . . tricky.
Rich, thank you for straightening this out so quickly, and the clearest explanation thus far of the issues involved.
Aside from weird stuff like Safari giving us authentication issues and generating a lot of "language not supported" errors in the web interfaces (and the top navigation buttons not appearing in Firefox...sigh), so far, so good...
-B
On 08/03/2011 02:30 PM, Brett Dikeman wrote:
On Mon, Aug 1, 2011 at 7:17 PM, Rich Megginsonrmeggins@redhat.com wrote:
Fixed. Fixed.
Amazingly, finally, it all seems to have installed.
EL6 support is . . . tricky.
Rich, thank you for straightening this out so quickly, and the clearest explanation thus far of the issues involved.
Aside from weird stuff like Safari giving us authentication issues and generating a lot of "language not supported" errors in the web interfaces (and the top navigation buttons not appearing in Firefox...sigh),
Where? In which applications? Admin Express? DSGW?
so far, so good...
-B
389-users@lists.fedoraproject.org