[Fedora-directory-users] (no subject)

Rich Megginson rmeggins at redhat.com
Wed Aug 13 20:57:59 UTC 2008


Mister Anonyme wrote:
> > Date: Wed, 13 Aug 2008 14:03:31 -0600
> > From: rmeggins at redhat.com
> > To: fedora-directory-users at redhat.com
> > Subject: Re: [Fedora-directory-users] (no subject)
>
> > I think it is mentioned in the documentation.
> > http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Replication-Replicating-ADS-for-Failover.html
> > "2. Install and configure the second Directory Server instance. For the
> > second server, |server2.example.com|, use the |setup-ds.pl| command,
> > which installs a Directory Server instance without installing a local
> > Administration Server. "
> >
> > Which is what you did below anyway. However, there is a doc bug:
> > "ConfigFile = netscaperootdb.ldif example suffix entry"
> > This links to an example of the suffix only, which is what you did below
> > - the ldif only creates the suffix, not the associated database.
> >
> > The LDIF file should contain this:
> >
> > dn: cn=NetscapeRoot,cn=ldbm database,cn=plugins,cn=config
> > objectclass: top
> > objectclass: extensibleObject
> > objectclass: nsBackendInstance
> > nsslapd-suffix: o=NetscapeRoot
> > cn: NetscapeRoot
> >
> > dn: cn=encrypted attribute keys,cn=NetscapeRoot,cn=ldbm database,cn=plugins,cn=config
> > objectClass: top
> > objectClass: extensibleObject
> > cn: encrypted attributes keys
> >
> > dn: cn=encrypted attributes,cn=NetscapeRoot,cn=ldbm database,cn=plugins,cn=config
> > objectClass: top
> > objectClass: extensibleObject
> > cn: encrypted attributes
> >
> > dn: cn="o=NetscapeRoot",cn=mapping tree,cn=config
> > objectclass: top
> > objectclass: extensibleObject
> > objectclass: nsMappingTree
> > cn: "o=NetscapeRoot"
> > nsslapd-state: backend
> > nsslapd-backend: NetscapeRoot
>
>
> Great!  It fixed the issue.
>
> I was also able to synchronize between two servers.
>
> But, when I execute the register-ds-admin.pl (step 4), I have this:
>
> # /usr/sbin/register-ds-admin.pl
> Beginning registration of the Directory Server
> ==============================================================================
> The Directory Server locates its configuration file (dse.ldif) at 
> /etc/dirsrv/slapd-ID, by default.  If you have Directory Server(s) 
> which configuration file is put at the other location, you need to 
> input it to register the server.
>
> If you have such Directory Server, type the full path that stores the 
> configuration file.
>
> If you don't, type return.
> [configuration directory path or return]:
>
>
> ==============================================================================
> Candidate servers to register:
>     /etc/dirsrv/slapd-myinstance
>
> ==============================================================================
> Do you want to use this server as Configuration Directory Server?
>
> Directory server identifier [myinstance]:
>
> ==============================================================================
> The server must run as a specific user in a specific group.
> It is strongly recommended that this user should have no privileges
> on the computer (i.e. a non-root user).  The setup procedure
> will give this user/group some permissions in specific paths/files
> to perform server-specific operations.
>
> If you have not yet created a user and group for the server,
> create this user and group using your native operating
> system utilities.
>
> System User [nobody]:
> System Group [nobody]:
>
> ==============================================================================
> Please specify the information about your configuration directory
> server.  The following information is required:
> - host (fully qualified), port (non-secure or secure), suffix,
>   protocol (ldap or ldaps) - this information should be provided in the
>   form of an LDAP url e.g. for non-secure
> ldap://host.example.com:389/o=NetscapeRoot
>   or for secure
> ldaps://host.example.com:636/o=NetscapeRoot
> - admin ID and password
> - admin domain
> - a CA certificate file may be required if you choose to use ldaps and
>   security has not yet been configured - the file must be in PEM/ASCII
>   format - specify the absolute path and filename
>
> Configuration directory server URL [ldap://SERVER2:389/o=NetscapeRoot]:
> Configuration directory server admin ID [admin]:
> Configuration directory server admin password:
> Configuration directory server admin password (confirm):
> Configuration directory server admin domain [DOMAIN]: DOMAIN
>
> ==============================================================================
> The information stored in the configuration directory server can be
> separated into different Administration Domains.  If you are managing
> multiple software releases at the same time, or managing information
> about multiple domains, you may use the Administration Domain to keep
> them separate.
>
> If you are not using administrative domains, press Enter to select the
> default.  Otherwise, enter some descriptive, unique name for the
> administration domain, such as the name of the organization
> responsible for managing the domain.
>
> Administration Domain [DOMAIN]:
>
> ==============================================================================
> The Administration Server is separate from any of your web or application
> servers since it listens to a different port and access to it is
> restricted.
>
> Pick a port number between 1024 and 65535 to run your Administration
> Server on. You should NOT use a port number which you plan to
> run a web or application server on, rather, select a number which you
> will remember and which will not be used for anything else.
>
> Administration port [9830]:
>
> ==============================================================================
> Registering new Config DS: SERVER2
>
> ==============================================================================
> Input the Directory Server password on the server SERVER2:
> Error: failed to register the configuration server info to the 
> Configuration Directory Server SERVER2.
Hmm - not sure.  Either earlier attempts have broken something past the 
point of repair, or there is a bug in register-ds-admin.pl - maybe it 
expects o=NetscapeRoot to not already exist?  But then the setup step 
earlier would fail without it.  Try register-ds-admin.pl -ddd

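Added example, not part of the original thread and not code from the 389 Directory Server project: a small Python check for the point made in the message, that a ConfigFile LDIF has to define the backend database and the mapping tree entry, not only the suffix. All function names are hypothetical; SUFFIX_ONLY is a constructed stand-in for a suffix-only file, and FIXED is an abridged copy of the LDIF from the message with one DN folded across two lines.

```python
def parse_ldif(text):
    """Parse LDIF into [{attr: [values]}], unfolding RFC 2849 continuation lines."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]          # leading space marks a folded line
        else:
            lines.append(raw)
    entries, cur = [], {}
    for line in lines + [""]:             # trailing "" flushes the last entry
        if not line.strip():
            if cur:
                entries.append(cur)
            cur = {}
        elif not line.startswith("#") and ":" in line:
            attr, _, value = line.partition(":")
            cur.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def _norm(value):
    return value.strip('"').replace(" ", "").lower()

def _pick(entries, objectclass, match_attr, out_attr, want):
    """Values of out_attr from entries of objectclass whose match_attr equals want."""
    return {o.lower() for e in entries
            if objectclass.lower() in map(str.lower, e.get("objectclass", []))
            and want in map(_norm, e.get(match_attr, []))
            for o in e.get(out_attr, [])}

def check_suffix(text, suffix):
    """Return a list of problems; empty means backend and mapping tree both exist."""
    entries, want = parse_ldif(text), _norm(suffix)
    backends = _pick(entries, "nsBackendInstance", "nsslapd-suffix", "cn", want)
    mapped = _pick(entries, "nsMappingTree", "cn", "nsslapd-backend", want)
    problems = []
    if not backends:
        problems.append(f"no nsBackendInstance entry for {suffix}")
    if not mapped:
        problems.append(f"no nsMappingTree entry routing {suffix} to a backend")
    elif backends and not mapped & backends:
        problems.append(f"mapping tree for {suffix} names an undefined backend")
    return problems

# Constructed samples (see the lead-in); neither is a complete production file.
SUFFIX_ONLY = "dn: o=NetscapeRoot\nobjectclass: organization\no: NetscapeRoot\n"
FIXED = ('dn: cn=NetscapeRoot,cn=ldbm database,cn=plugins,cn=config\n'
         'objectclass: nsBackendInstance\nnsslapd-suffix: o=NetscapeRoot\n'
         'cn: NetscapeRoot\n\ndn: cn="o=NetscapeRoot",cn=mapping\n  tree,cn=config\n'
         'objectclass: nsMappingTree\ncn: "o=NetscapeRoot"\n'
         'nsslapd-state: backend\nnsslapd-backend: NetscapeRoot\n')
```

check_suffix(open(path).read(), "o=NetscapeRoot") returns an empty list when both entries are present and consistent.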