[Fedora-directory-users] RE: Fedora-directory-users Digest, Vol 19, Issue 3

koniczynek koniczynek at uaznia.net
Tue Dec 5 18:01:07 UTC 2006


OMG please remove necessary information from the post, because now it's
hard to find what you wrote! And this happens in all of your posts ;) so
please, for the clarity and for the future use (mailing list archive) ;)

Richard Megginson, dnia 2006-12-05 16:19 napisal:
> t b wrote:
>>> From: fedora-directory-users-request at redhat.com
>>> Reply-To: fedora-directory-users at redhat.com
>>> To: fedora-directory-users at redhat.com
>>> Subject: Fedora-directory-users Digest, Vol 19, Issue 3
>>> Date: Sat, 2 Dec 2006 12:00:05 -0500 (EST)
>>>
>>> Send Fedora-directory-users mailing list submissions to
>>> fedora-directory-users at redhat.com
>>>
>>> To subscribe or unsubscribe via the World Wide Web, visit
>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>> or, via email, send a message with subject or body 'help' to
>>> fedora-directory-users-request at redhat.com
>>>
>>> You can reach the person managing the list at
>>> fedora-directory-users-owner at redhat.com
>>>
>>> When replying, please edit your Subject line so it is more specific
>>> than "Re: Contents of Fedora-directory-users digest..."
>>>
>>>
>>> Today's Topics:
>>>
>>> 1. Re: RE: Fedora-directory-users Digest, Vol 19, Issue 1
>>> (Richard Megginson)
>>> 2. Re: AD + FDS sync stops working? (To Ngan)
>>> 3. Re: Memory usage (koniczynek)
>>>
>>>
>>> ----------------------------------------------------------------------
>>>
>>> Message: 1
>>> Date: Fri, 01 Dec 2006 12:55:24 -0700
>>> From: Richard Megginson <rmeggins at redhat.com>
>>> Subject: Re: [Fedora-directory-users] RE: Fedora-directory-users
>>> Digest, Vol 19, Issue 1
>>> To: "General discussion list for the Fedora Directory server project."
>>> <fedora-directory-users at redhat.com>
>>> Message-ID: <457088AC.1030004 at redhat.com>
>>> Content-Type: text/plain; charset="iso-8859-1"
>>>
>>> t b wrote:
>>> > My logs seem to indicate that the connection is being encrypted; I can
>>> > ssh to a client server and get the password prompt, but when I enter
>>> > the password it just returns me to the password prompt again
>>> >
>>> > [01/Dec/2006:19:47:44 -0500] conn=650 fd=69 slot=69 connection from
>>> > xxx.xxx.xxx.xxx to xxx.xxx.xxx.xxx
>>> > [01/Dec/2006:19:47:44 -0500] conn=650 op=0 EXT
>>> > oid="1.3.6.1.4.1.1466.20037" name="startTLS"
>>> > [01/Dec/2006:19:47:44 -0500] conn=650 op=0 RESULT err=0 tag=120
>>> > nentries=0 etime=0
>>> > [01/Dec/2006:19:47:44 -0500] conn=650 SSL 256-bit AES
>>> All of this means the client was able to successfully perform the
>>> startTLS extended operation and start using SSL.
>>> > [01/Dec/2006:19:47:44 -0500] conn=650 op=1 UNBIND
>>> > [01/Dec/2006:19:47:44 -0500] conn=650 op=1 fd=69 closed - U1
>>> The UNBIND means the client had a problem and closed the connection.
>>> Does the client print any errors? Are there any messages in the server
>>> error log?
>>
>> On the client server it show,
>>
>> sshd[24149]: Failed password for invalid user xxxxx from
>> xxx.xxx.xxx.xxx port xxx ssh2
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>> >
>>> > If I disable TLS everything works fine, the client server can query
>>> > the FDS and auth the client properly
>>> >
>>> > I am not sure if the problem has to do with the pam_ldap not properly
>>> > formatted or the cert file not in proper format
>>> >
>>> > Does anyone have an example of what the pam_ldap config should look
>>> > like? or suggestions on checking whether the cert file is in proper
>>> > format
>>> I'm not sure. PAM needs the ca cert of the CA that issued the directory
>>> server server cert. See
>>> http://directory.fedora.redhat.com/wiki/Howto:SSL for more information.
>>> >
>>
>> That was the info I used to do the SSL setup, but I only see a part of
>> the log output they indicated,
>>
>> Their logs,
>>
>> [18/Jul/2005:20:33:36 -0400] conn=4 op=0 EXT
>> oid="1.3.6.1.4.1.1466.20037" name="startTLS"
>> [18/Jul/2005:20:33:36 -0400] conn=4 op=0 RESULT err=0 tag=120
>> nentries=0 etime=0
>> [18/Jul/2005:20:33:36 -0400] conn=4 SSL 256-bit AES
>> [18/Jul/2005:20:33:36 -0400] conn=4 op=1 BIND dn="" method=128 version=3
>> [18/Jul/2005:20:33:36 -0400] conn=4 op=1 RESULT err=0 tag=97
>> nentries=0 etime=0 dn=""
>> [18/Jul/2005:20:33:36 -0400] conn=4 op=2 SRCH base="dc=example,dc=com"
>> scope=2 filter="(uid=testuser)" attrs=ALL
>>
>> My Logs,
>>
>> [04/Dec/2006:14:35:52 -0500] conn=757 op=0 EXT
>> oid="1.3.6.1.4.1.1466.20037" name="startTLS"
>> [04/Dec/2006:14:35:52 -0500] conn=757 op=0 RESULT err=0 tag=120
>> nentries=0 etime=0
>> [04/Dec/2006:14:35:52 -0500] conn=757 SSL 256-bit AES
>> [04/Dec/2006:14:35:52 -0500] conn=757 op=1 UNBIND
>> [04/Dec/2006:14:35:52 -0500] conn=757 op=1 fd=71 closed - U1
>>
>> For some reason my setup dies just before querying the FDS to
>> determine user details
>>
>> Do you know of any tests that I can run just on the client server to
>> determine proper confuguration?
> Firstly, try /usr/bin/ldapsearch to see if you can use startTLS and bind
> as your user.
>>
>>
>>
>>
>>
>>> > Also what's the UNBIND shown in the logs?
>>> >
>>> > Thanks
>>> >
>>> >> From: fedora-directory-users-request at redhat.com
>>> >> Reply-To: fedora-directory-users at redhat.com
>>> >> To: fedora-directory-users at redhat.com
>>> >> Subject: Fedora-directory-users Digest, Vol 19, Issue 1
>>> >> Date: Fri, 1 Dec 2006 12:00:06 -0500 (EST)
>>> >>
>>> >> Send Fedora-directory-users mailing list submissions to
>>> >> fedora-directory-users at redhat.com
>>> >>
>>> >> To subscribe or unsubscribe via the World Wide Web, visit
>>> >> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>> >> or, via email, send a message with subject or body 'help' to
>>> >> fedora-directory-users-request at redhat.com
>>> >>
>>> >> You can reach the person managing the list at
>>> >> fedora-directory-users-owner at redhat.com
>>> >>
>>> >> When replying, please edit your Subject line so it is more specific
>>> >> than "Re: Contents of Fedora-directory-users digest..."
>>> >>
>>> >>
>>> >> Today's Topics:
>>> >>
>>> >> 1. pam_ldap with SSL/TLS (t b)
>>> >> 2. RE: pam_ldap with SSL/TLS (Morris, Patrick)
>>> >> 3. Re: pam_ldap with SSL/TLS (Richard Megginson)
>>> >> 4. Problem with SSL console in X in specific circumstances
>>> >> (Philip Kime)
>>> >> 5. FW: [Fedora-directory-users] Extracting details from
>>> >> ActiveDirectoryto FDS (Paxton, Darren)
>>> >> 6. alias in fedora directory server (patrick ndjientcheu ngandjui)
>>> >> 7. Re: FW: [Fedora-directory-users] Extracting details from
>>> >> ActiveDirectoryto FDS (Nicholas Byrne)
>>> >> 8. Re: Memory usage (koniczynek)
>>> >> 9. Re: Memory usage (David Boreham)
>>> >> 10. Re: Memory usage (koniczynek)
>>> >>
>>> >>
>>> >>
>>> ----------------------------------------------------------------------
>>> >>
>>> >> Message: 1
>>> >> Date: Thu, 30 Nov 2006 12:31:50 -0500
>>> >> From: "t b" <mxheadroom at hotmail.com>
>>> >> Subject: [Fedora-directory-users] pam_ldap with SSL/TLS
>>> >> To: fedora-directory-users at redhat.com
>>> >> Message-ID: <BAY116-F322745E96D702ED748B1D0CDDB0 at phx.gbl>
>>> >> Content-Type: text/plain; format=flowed
>>> >>
>>> >> I am trying to setup pam_ldap to use TLS to communicate with the FDS,
>>> >> but
>>> >> having lots of problems doing so; it works if I use the unencrypted
>>> >> way but
>>> >> not if I use ldaps ( port 636 )
>>> >>
>>> >> I used the instructions at,
>>> >> http://directory.fedora.redhat.com/wiki/Howto:PAM
>>> >>
>>> >> Has anyone gotten PAM to work TLS
>>> >>
>>> >>
>>> >> Thanks
>>> >>
>>> >> _________________________________________________________________
>>> >> Buy, Load, Play. The new Sympatico / MSN Music Store works seamlessly
>>> >> with
>>> >> Windows Media Player. Just Click PLAY.
>>> >>
>>> http://musicstore.sympatico.msn.ca/content/viewer.aspx?cid=SMS_Sept192006
>>>
>>> >>
>>> >>
>>> >>
>>> >>
>>> >> ------------------------------
>>> >>
>>> >> Message: 2
>>> >> Date: Thu, 30 Nov 2006 13:00:56 -0500
>>> >> From: "Morris, Patrick" <patrick.morris at hp.com>
>>> >> Subject: RE: [Fedora-directory-users] pam_ldap with SSL/TLS
>>> >> To: "General discussion list for the Fedora Directory server
>>> project."
>>> >> <fedora-directory-users at redhat.com>
>>> >> Message-ID:
>>> >>
>>> <CD18C81835E18A40A64C4A0D16A237BE05FE850D at ATAEXC01.americas.cpqcorp.net>
>>> >>
>>> >>
>>> >> Content-Type: text/plain; charset="US-ASCII"
>>> >>
>>> >> > I am trying to setup pam_ldap to use TLS to communicate with
>>> >> > the FDS, but having lots of problems doing so; it works if I
>>> >> > use the unencrypted way but not if I use ldaps ( port 636 )
>>> >>
>>> >> Someone should jump in here and correct me if I'm wrong, but I
>>> believe
>>> >> it's normal for TLS connections to happen on the standard LDAP port.
>>> >> You should be able to tell from your logs whether the connection is
>>> >> encrypted or not.
>>> >>
>>> >>
>>> >>
>>> >> ------------------------------
>>> >>
>>> >> Message: 3
>>> >> Date: Thu, 30 Nov 2006 11:08:08 -0700
>>> >> From: Richard Megginson <rmeggins at redhat.com>
>>> >> Subject: Re: [Fedora-directory-users] pam_ldap with SSL/TLS
>>> >> To: "General discussion list for the Fedora Directory server
>>> project."
>>> >> <fedora-directory-users at redhat.com>
>>> >> Message-ID: <456F1E08.40601 at redhat.com>
>>> >> Content-Type: text/plain; charset="iso-8859-1"
>>> >>
>>> >> Morris, Patrick wrote:
>>> >> >> I am trying to setup pam_ldap to use TLS to communicate with
>>> >> >> the FDS, but having lots of problems doing so; it works if I
>>> >> >> use the unencrypted way but not if I use ldaps ( port 636 )
>>> >> >>
>>> >> >
>>> >> > Someone should jump in here and correct me if I'm wrong, but I
>>> believe
>>> >> > it's normal for TLS connections to happen on the standard LDAP
>>> port.
>>> >> > You should be able to tell from your logs whether the connection is
>>> >> > encrypted or not.
>>> >> >
>>> >> Yes. The LDAP "preferred" way is to use the startTLS extended
>>> operation
>>> >> which starts a TLS session on the non-secure port. This will be
>>> logged
>>> >> in the access log.
>>> >> > --
>>> >> > Fedora-directory-users mailing list
>>> >> > Fedora-directory-users at redhat.com
>>> >> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>> >> >
>>> >> -------------- next part --------------
>>> >> A non-text attachment was scrubbed...
>>> >> Name: smime.p7s
>>> >> Type: application/x-pkcs7-signature
>>> >> Size: 3178 bytes
>>> >> Desc: S/MIME Cryptographic Signature
>>> >> Url :
>>> >>
>>> https://www.redhat.com/archives/fedora-directory-users/attachments/20061130/0634e78a/smime.bin
>>>
>>> >>
>>> >>
>>> >> ------------------------------
>>> >>
>>> >> Message: 4
>>> >> Date: Thu, 30 Nov 2006 18:02:55 -0800
>>> >> From: "Philip Kime" <pkime at Shopzilla.com>
>>> >> Subject: [Fedora-directory-users] Problem with SSL console in X in
>>> >> specific circumstances
>>> >> To: <fedora-directory-users at redhat.com>
>>> >> Message-ID:
>>> >> <9C0091F428E697439E7A773FFD083427435BE3 at szexchange.Shopzilla.inc>
>>> >> Content-Type: text/plain; charset="us-ascii"
>>> >>
>>> >> Here's the problem:
>>> >>
>>> >> Running startconsole (SSL) to a remote display on a PC X-server
>>> (xwin32)
>>> >> works fine and requires that my windows home dir on the PC X-server
>>> >> machine has .fedora-console/ containing cert8.db and key3.db, as
>>> you'd
>>> >> expect. If I rename this dir, the console hangs at the splash
>>> screen. So
>>> >> far, so good, all makes sense.
>>> >>
>>> >> If I try the same thing to cygwin's X server on same machine or to
>>> an X
>>> >> server on a Mac running OSX, startconsole always hangs as if it can't
>>> >> find ~/.fedora-console on the local machine. I've tried copying
>>> this dir
>>> >> to what cygwin/OSX thinks is the user's home dir but no luck. Where
>>> >> should I put the Cert db files under "real" UNIX X to get the SSL
>>> >> console to work? Also tried ~/.mmc as per the docs but I could
>>> never get
>>> >> this to work.
>>> >>
>>> >> PK
>>> >>
>>> >> --
>>> >> Philip Kime
>>> >> NOPS Systems Architect
>>> >> 310 401 0407
>>> >>
>>> >> -------------- next part --------------
>>> >> An HTML attachment was scrubbed...
>>> >> URL:
>>> >>
>>> https://www.redhat.com/archives/fedora-directory-users/attachments/20061130/054ecbd6/attachment.html
>>>
>>> >>
>>> >>
>>> >> ------------------------------
>>> >>
>>> >> Message: 5
>>> >> Date: Fri, 1 Dec 2006 08:04:30 -0000
>>> >> From: "Paxton, Darren" <Darren.Paxton at mercer.com>
>>> >> Subject: FW: [Fedora-directory-users] Extracting details from
>>> >> ActiveDirectoryto FDS
>>> >> To: <Fedora-directory-users at redhat.com>
>>> >> Message-ID:
>>> >> <52F7C07B119CF4439B7EFBFE0FB3256B027CBD02 at eidwpexms06.mercer.com>
>>> >> Content-Type: text/plain; charset="us-ascii"
>>> >>
>>> >> Skipped content of type multipart/alternative-------------- next part
>>> >> --------------
>>> >> --
>>> >> Fedora-directory-users mailing list
>>> >> Fedora-directory-users at redhat.com
>>> >> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>> >>
>>> >> ------------------------------
>>> >>
>>> >> Message: 6
>>> >> Date: Fri, 1 Dec 2006 08:10:42 +0000 (GMT)
>>> >> From: patrick ndjientcheu ngandjui <tchen_pat at yahoo.fr>
>>> >> Subject: [Fedora-directory-users] alias in fedora directory server
>>> >> To: Fedora-directory-users at redhat.com
>>> >> Message-ID: <20061201081042.78578.qmail at web25801.mail.ukl.yahoo.com>
>>> >> Content-Type: text/plain; charset="iso-8859-1"
>>> >>
>>> >> Hi,
>>> >> I would like to know how to use alias in fedora directory server.It
>>> >> seems that it is used for point to another entry in the directory,but
>>> >> i don't know how to use this feature.May someone helps me on this
>>> >> issue? I would really appreciate an example.
>>> >>
>>> >> Thanks
>>> >>
>>> >>
>>> >>
>>> >>
>>> >>
>>> >>
>>> >>
>>> >>
>>> >>
>>> ___________________________________________________________________________
>>>
>>> >>
>>> >> Découvrez une nouvelle façon d'obtenir des réponses à toutes vos
>>> >> questions !
>>> >> Profitez des connaissances, des opinions et des expériences des
>>> >> internautes sur Yahoo! Questions/Réponses
>>> >> http://fr.answers.yahoo.com
>>> >> -------------- next part --------------
>>> >> An HTML attachment was scrubbed...
>>> >> URL:
>>> >>
>>> https://www.redhat.com/archives/fedora-directory-users/attachments/20061201/0fa54e4f/attachment.html
>>>
>>> >>
>>> >>
>>> >> ------------------------------
>>> >>
>>> >> Message: 7
>>> >> Date: Fri, 01 Dec 2006 11:50:13 +0000
>>> >> From: Nicholas Byrne <nicholas.byrne at quadriga.com>
>>> >> Subject: Re: FW: [Fedora-directory-users] Extracting details from
>>> >> ActiveDirectoryto FDS
>>> >> To: "General discussion list for the Fedora Directory server
>>> project."
>>> >> <fedora-directory-users at redhat.com>
>>> >> Message-ID: <457016F5.5030202 at quadriga.com>
>>> >> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>>> >>
>>> >> Your messages got through - you can confirm by checking the
>>> archives -
>>> >> https://www.redhat.com/archives/fedora-directory-users/
>>> >>
>>> >> I'm a new user as well so i'm afraid i can't answer your question,
>>> but
>>> >> if you keep asking i'm sure someone will know!
>>> >> Nick
>>> >>
>>> >> Paxton, Darren wrote:
>>> >> > Apologies for mailing yet again, however either my messages are not
>>> >> > getting through (something I don't believe as I keep getting the
>>> post
>>> >> > to the mailing list) - or for some reason, no one is willing to
>>> even
>>> >> > acknowledge my issue.
>>> >> >
>>> >> > In the spirit of the community - can someone at least acknowledge a
>>> >> > message as I find it quite disheartening that I have had no
>>> replies at
>>> >> > all even if just to point me somewhere for assistance.
>>> >> >
>>> >> >
>>> >>
>>> ------------------------------------------------------------------------
>>> >> > *From:* fedora-directory-users-bounces at redhat.com
>>> >> > [mailto:fedora-directory-users-bounces at redhat.com] *On Behalf Of
>>> >> > *Paxton, Darren
>>> >> > *Sent:* 30 November 2006 08:46
>>> >> > *To:* General discussion list for the Fedora Directory server
>>> project.
>>> >> > *Subject:* RE: [Fedora-directory-users] Extracting details from
>>> >> > ActiveDirectoryto FDS
>>> >> >
>>> >> > Hi
>>> >> >
>>> >> > Has anyone had any thoughts on my query or can point me in the
>>> right
>>> >> > direction?
>>> >> >
>>> >> > As is the nature of AD, I would have thought it is possible to
>>> extract
>>> >> > this information using a scope setting or something similar.
>>> >> >
>>> >> > Thanks
>>> >> >
>>> >> > Darren
>>> >> >
>>> >> >
>>> >>
>>> ------------------------------------------------------------------------
>>> >> > *From:* fedora-directory-users-bounces at redhat.com
>>> >> > [mailto:fedora-directory-users-bounces at redhat.com] *On Behalf Of
>>> >> > *Paxton, Darren
>>> >> > *Sent:* 24 November 2006 14:56
>>> >> > *To:* fedora-directory-users at redhat.com
>>> >> > *Subject:* [Fedora-directory-users] Extracting details from Active
>>> >> > Directoryto FDS
>>> >> >
>>> >> > Hi all,
>>> >> >
>>> >> > I've been tinkering with integrating our Linux devices into our AD
>>> >> > domain for some time and I've hit a few brick walls, however I've
>>> >> > recently discovered FDS and the synchronisation features with AD.
>>> >> >
>>> >> > I've managed to set up a few replication jobs, however due to the
>>> >> > extensive nature of our AD, I've realised that the sync only takes
>>> >> > the group and user objects from the OU or CN being specified.
>>> >> >
>>> >> > Is there any way I can specify that it should traverse all
>>> >> > subtrees of an OU and extract all that information back into FDS?
>>> >> >
>>> >> > Thanks
>>> >> >
>>> >> > Darren
>>> >> >
>>> >> > --
>>> >> > Darren Paxton
>>> >> > EMEA Tier2
>>> >> > Red Hat Certified Engineer
>>> >> > VMware Certified Professional
>>> >> > MGTI Centralised ops
>>> >> >
>>> >> >
>>> >> > This e-mail and any attachments may be confidential or legally
>>> >> > privileged.If you received this message in error or are not the
>>> >> > intended recipient, you should destroy the email message and any
>>> >> > attachments or copies, and you are prohibited from retaining,
>>> >> > distributing, disclosing or using any information contained herein.
>>> >> > Please inform us of the erroneous delivery by return e-mail.
>>> Thank you
>>> >> > for your co-operation.
>>> >> >
>>> >> > Mercer Human Resource Consulting Limited is authorised and
>>> regulated
>>> >> > by the Financial Services Authority. Registered in England No.
>>> 984275.
>>> >> > Registered Office: 1 Tower Place West, Tower Place, London, EC3R
>>> 5BU.
>>> >> >
>>> >> >
>>> >>
>>> ------------------------------------------------------------------------
>>> >> >
>>> >> > --
>>> >> > Fedora-directory-users mailing list
>>> >> > Fedora-directory-users at redhat.com
>>> >> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>> >> >
>>> >> >
>>> >>
>>> ------------------------------------------------------------------------
>>> >> >
>>> >> > --
>>> >> > Fedora-directory-users mailing list
>>> >> > Fedora-directory-users at redhat.com
>>> >> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>> >> >
>>> >>
>>> >>
>>> >>
>>> >> This e-mail is the property of Quadriga Worldwide Ltd, intended for
>>> >> the addressee only and confidential. Any dissemination, copying or
>>> >> distribution of this message or any attachments is strictly
>>> prohibited.
>>> >>
>>> >> If you have received this message in error, please notify us
>>> >> immediately by replying to the message and deleting it from your
>>> >> computer.
>>> >>
>>> >> Messages sent to and from Quadriga may be monitored.
>>> >>
>>> >> Quadriga cannot guarantee any message delivery method is secure or
>>> >> error-free. Information could be intercepted, corrupted, lost,
>>> >> destroyed, arrive late or incomplete, or contain viruses.
>>> >>
>>> >> We do not accept responsibility for any errors or omissions in this
>>> >> message and/or attachment that arise as a result of transmission.
>>> >>
>>> >> You should carry out your own virus checks before opening any
>>> >> attachment.
>>> >>
>>> >> Any views or opinions presented are solely those of the author and do
>>> >> not necessarily represent those of Quadriga.
>>> >>
>>> >>
>>> >>
>>> >> ------------------------------
>>> >>
>>> >> Message: 8
>>> >> Date: Fri, 01 Dec 2006 16:45:28 +0100
>>> >> From: koniczynek <koniczynek at uaznia.net>
>>> >> Subject: Re: [Fedora-directory-users] Memory usage
>>> >> To: "General discussion list for the Fedora Directory server
>>> project."
>>> >> <fedora-directory-users at redhat.com>
>>> >> Message-ID: <45704E18.3070705 at uaznia.net>
>>> >> Content-Type: text/plain; charset=ISO-8859-2; format=flowed
>>> >>
>>> >> Richard Megginson napisa³(a):
>>> >> > This is an excellent cache/memory tuning document from a Sun
>>> employee,
>>> >> > primarily targeted to Sun DS users, but almost all of the
>>> >> information is
>>> >> > relevant to Fedora DS (since they share a common lineage).
>>> >> >
>>> >> > http://www.directorymanager.org/blogs/ds_cache_sizing.pdf
>>> >> Lets say I heven't got much time lately so without thinking I've
>>> changed
>>> >> in dse.ldif
>>> >> nsslapd-import-cache-autosize from -1 to 1 and after restarting I've
>>> >> started to receive errors like: "3 Time limit exceeded" Someone do
>>> know
>>> >> what to do? ;)
>>> >>
>>> >> --
>>> >> xmpp/email: koniczynek at uaznia.net
>>> >> xmpp/email: koniczynek at gmail.com
>>> >>
>>> >>
>>> >>
>>> >> ------------------------------
>>> >>
>>> >> Message: 9
>>> >> Date: Fri, 01 Dec 2006 09:15:14 -0700
>>> >> From: David Boreham <david_list at boreham.org>
>>> >> Subject: Re: [Fedora-directory-users] Memory usage
>>> >> To: "General discussion list for the Fedora Directory server
>>> project."
>>> >> <fedora-directory-users at redhat.com>
>>> >> Message-ID: <45705512.4070808 at boreham.org>
>>> >> Content-Type: text/plain; charset=ISO-8859-2; format=flowed
>>> >>
>>> >> koniczynek wrote:
>>> >>
>>> >> > Richard Megginson napisa³(a):
>>> >> >
>>> >> >> This is an excellent cache/memory tuning document from a Sun
>>> >> >> employee, primarily targeted to Sun DS users, but almost all of
>>> the
>>> >> >> information is relevant to Fedora DS (since they share a common
>>> >> >> lineage).
>>> >> >>
>>> >> >> http://www.directorymanager.org/blogs/ds_cache_sizing.pdf
>>> >> >
>>> >> > Lets say I heven't got much time lately so without thinking I've
>>> >> > changed in dse.ldif
>>> >> > nsslapd-import-cache-autosize from -1 to 1 and after restarting
>>> I've
>>> >> > started to receive errors like: "3 Time limit exceeded" Someone do
>>> >> > know what to do? ;)
>>> >> >
>>> >> Change it back ?
>>> >>
>>> >>
>>> >>
>>> >>
>>> >>
>>> >> ------------------------------
>>> >>
>>> >> Message: 10
>>> >> Date: Fri, 01 Dec 2006 17:53:22 +0100
>>> >> From: koniczynek <koniczynek at uaznia.net>
>>> >> Subject: Re: [Fedora-directory-users] Memory usage
>>> >> To: "General discussion list for the Fedora Directory server
>>> project."
>>> >> <fedora-directory-users at redhat.com>
>>> >> Message-ID: <45705E02.7020709 at uaznia.net>
>>> >> Content-Type: text/plain; charset=ISO-8859-2
>>> >>
>>> >> David Boreham, dnia 2006-12-01 17:15 napisal:
>>> >> >> Lets say I heven't got much time lately so without thinking I've
>>> >> >> changed in dse.ldif
>>> >> >> nsslapd-import-cache-autosize from -1 to 1 and after restarting
>>> I've
>>> >> >> started to receive errors like: "3 Time limit exceeded" Someone do
>>> >> >> know what to do? ;)
>>> >> > Change it back ?
>>> >> man, please, show some respect ;) I did change it back, but to no
>>> avail.
>>> >> Also I can say (to stop further questions): yes, I've stopped the
>>> server
>>> >> before change.
>>> >>
>>> >> --
>>> >> email/xmpp: koniczynek at uaznia.net
>>> >>
>>> >>
>>> >>
>>> >> ------------------------------
>>> >>
>>> >> --
>>> >> Fedora-directory-users mailing list
>>> >> Fedora-directory-users at redhat.com
>>> >> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>> >>
>>> >>
>>> >> End of Fedora-directory-users Digest, Vol 19, Issue 1
>>> >> *****************************************************
>>> >
>>> > _________________________________________________________________
>>> > Off to school, going on a trip, or moving? Windows Live (MSN)
>>> > Messenger lets you stay in touch with friends and family wherever you
>>> > go. Click here to find out how to sign up!
>>> > http://www.telusmobility.com/msnxbox/
>>> >
>>> > --
>>> > Fedora-directory-users mailing list
>>> > Fedora-directory-users at redhat.com
>>> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>> -------------- next part --------------
>>> A non-text attachment was scrubbed...
>>> Name: smime.p7s
>>> Type: application/x-pkcs7-signature
>>> Size: 3178 bytes
>>> Desc: S/MIME Cryptographic Signature
>>> Url :
>>> https://www.redhat.com/archives/fedora-directory-users/attachments/20061201/7d15c5b4/smime.bin
>>>
>>>
>>> ------------------------------
>>>
>>> Message: 2
>>> Date: Fri, 01 Dec 2006 15:23:28 -0800
>>> From: To Ngan <tngan at redhat.com>
>>> Subject: Re: [Fedora-directory-users] AD + FDS sync stops working?
>>> To: "General discussion list for the Fedora Directory server project."
>>> <fedora-directory-users at redhat.com>
>>> Message-ID: <4570B970.3070901 at redhat.com>
>>> Content-Type: text/plain; charset="windows-1252"
>>>
>>> Dan Oglesby wrote:
>>> > I tried the following:
>>> >
>>> > In windows registry->HKLM->Software->PasswordSync, try add string
>>> value “Log
>>> > Level” and set it to “1”. Restart the passsync service. This should
>>> log
>>> > all transactions and errors. Turn this back to "0" and restart
>>> passsync
>>> > after troubleshooting.
>>> >
>>> > All I see in the log is this:
>>> >
>>> > 11/30/06 09:12:58: begin log
>>> > 11/30/06 09:12:59: 0 new entries loaded from file
>>> > 11/30/06 09:14:20: 0 new entries loaded from file
>>> > 11/30/06 09:14:20: 0 entries saved to file
>>> > 11/30/06 09:14:20: end log
>>> > 11/30/06 09:14:22: begin log
>>> > 11/30/06 09:14:22: 0 new entries loaded from file
>>> >
>>> > That’s after restarting the passsync service twice, and changing a
>>> user’s
>>> > password in AD four times.
>>> >
>>>
>>> Hmm... 2 Windows sync stopped working together after 6 months. Any cert
>>> on AD or DS side expired?
>>> -- 
>>> toto
>>>
>>> -------------- next part --------------
>>> A non-text attachment was scrubbed...
>>> Name: smime.p7s
>>> Type: application/x-pkcs7-signature
>>> Size: 3233 bytes
>>> Desc: S/MIME Cryptographic Signature
>>> Url :
>>> https://www.redhat.com/archives/fedora-directory-users/attachments/20061201/b9f1ea83/smime.bin
>>>
>>>
>>> ------------------------------
>>>
>>> Message: 3
>>> Date: Sat, 02 Dec 2006 09:28:17 +0100
>>> From: koniczynek <koniczynek at uaznia.net>
>>> Subject: Re: [Fedora-directory-users] Memory usage
>>> To: "General discussion list for the Fedora Directory server project."
>>> <fedora-directory-users at redhat.com>
>>> Message-ID: <45713921.1080009 at uaznia.net>
>>> Content-Type: text/plain; charset=ISO-8859-2
>>>
>>> Richard Megginson, dnia 2006-12-01 18:00 napisal:
>>> >> man, please, show some respect ;) I did change it back, but to no
>>> avail.
>>> >> Also I can say (to stop further questions): yes, I've stopped the
>>> server
>>> >> before change.
>>> >>
>>> > What types of searches are returning time limit exceeded? Can you post
>>> > relevant excerpts from the access and error logs?
>>> I'm "benchmarking" my FDS with "ldapsearch -x" and earlier it worked and
>>> now it does not. In error logs there were "err=3" but I don't remember
>>> much more and I'll have access to the logs on Monday, so till then, only
>>> I can provide only this information (because I do not remember anything
>>> more ;) )
>>>
>>> -- 
>>> email/xmpp: koniczynek at uaznia.net
>>>
>>>
>>>
>>> ------------------------------
>>>
>>> -- 
>>> Fedora-directory-users mailing list
>>> Fedora-directory-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>
>>>
>>> End of Fedora-directory-users Digest, Vol 19, Issue 3
>>> *****************************************************
>>
>> _________________________________________________________________
>> Off to school, going on a trip, or moving? Windows Live (MSN)
>> Messenger lets you stay in touch with friends and family wherever you
>> go. Click here to find out how to sign up!
>> http://www.telusmobility.com/msnxbox/
>>
>> -- 
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
> 
> ------------------------------------------------------------------------
> 
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users


-- 
email/xmpp: koniczynek at uaznia.net




More information about the 389-users mailing list