[Fedora-directory-users] LDAP proxy

Rich Megginson rmeggins at redhat.com
Wed Apr 15 16:59:25 UTC 2009


Michal Rejda wrote:
>> -----Original Message-----
>> From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Rich Megginson
>> Sent: Tuesday, April 14, 2009 4:25 PM
>> To: General discussion list for the Fedora Directory server project.
>> Subject: Re: [Fedora-directory-users] LDAP proxy
>>
>> Michal Rejda wrote:
>>> I tried to use http://tinyurl.com/culeft. But the database link doesn't work. I set up the database link to the Active Directory (and OpenLDAP). When I looked into the Wireshark log, FDS sent a search request with controls:
>>> 	2.16.840.1.113730.3.4.2
>>> 	2.16.840.1.113730.3.4.12
>>> And the AD server responded: Unavailable Critical Extension.
>>>
>>> I tried to remove these two controls from Database Link Settings (in the administration console) but it didn't help. The server didn't return the message above, but the administrative console showed an error dialog.
>>
>> What error?
>>
> I tried it again and the error message is exactly:
>
> Error fading object 'dn: dc=example, dc=com'.
> The error send by the server was:
> ".
>
> In the Wireshark log there was still the search request with control:
> 	2.16.840.1.113730.3.4.2
>
> Why is this control needed by the server when I removed it from Database link settings?
>   
I'm not sure - maybe the console is not working correctly. Try this:
1) Shut down the server
2) cd /etc/dirsrv/slapd-yourinstance
3) edit dse.ldif - look for the entry
dn: cn=config,cn=chaining database,cn=plugins,cn=config
4) edit the nsTransmittedControls attribute - remove 2.16.840.1.113730.3.4.2
5) save and restart the server
>
>>>> Michal Rejda wrote:
>>>>> Hi all,
>>>>>
>>>>> I'm trying to set up a proxy on FDS to another LDAP server (OpenLDAP and Active Directory). I tried two ways, but none of these works:
>>>>>
>>>>> 1) New database link to LDAP server.
>>>>>
>>>>> - The remote LDAP server (OpenLDAP) returns: null. manageDSAit control value not found
>>>>
>>>> You might have to tweak the controls used by chaining - see
>>>> http://tinyurl.com/culeft
>>>>
>>>>> 2) Create multiple-master replication and set up the other server as consumer.
>>>>>
>>>>> - But this shows error: 255 Replication error acquiring replica: unknown error.
>>>>
>>>> Replication will only work to a SunDS, not to any other vendor.
>>>>
>>>>> My question is: Is there a way to set up a proxy to access another LDAP server from Fedora DS? I know that it is possible to use AD sync, but I cannot install anything on the AD server. The second reason why I need to set up a proxy is to use data stored in LDAP servers (OpenLDAP, Open Directory Server and Active Directory) in one place. I need to update them too. It is not necessary to synchronize passwords.
>>>>
>>>> See also
>>>> http://directory.fedoraproject.org/wiki/Howto:OpenldapIntegration
>>>>
>>>>> Thank you for reply.
>>>>>
>>>>> Regards,
>>>>>
>>>>> Michal
>   
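
Steps 3 and 4 of the reply above, as an added example that is not part of the original message or the project's own code: a Python function that removes one OID from nsTransmittedControls in the chaining config entry only, handling folded LDIF lines. The sample LDIF, the second entry in it and all function names are constructed for illustration; apply it to a copy of dse.ldif while the server is stopped.

```python
import re

# Entry DN and attribute named in the reply above.
CHAINING_DN = "cn=config,cn=chaining database,cn=plugins,cn=config"
ATTR = "nstransmittedcontrols"

# Constructed sample, not a real dse.ldif. The last entry is hypothetical and only
# shows that entries other than the chaining config are left untouched.
SAMPLE = """\
dn: cn=config,cn=chaining database,cn=plugins,cn=config
objectClass: top
cn: config
nsTransmittedControls: 2.16.840.1.113730.3.4.2
nsTransmittedControls: 2.16.840.1.113730.3.4.12

dn: cn=hypothetical,cn=plugins,cn=config
nsTransmittedControls: 2.16.840.1.113730.3.4.2
"""

def norm_dn(dn):
    """Lower-case a DN and drop whitespace around commas for comparison."""
    return re.sub(r"\s*,\s*", ",", dn.strip()).lower()

def logical_lines(block):
    """Group physical lines; LDIF continues a folded line with one leading space."""
    groups = []
    for line in block.split("\n"):
        if line.startswith(" ") and groups:
            groups[-1].append(line)
        else:
            groups.append([line])
    return groups

def unfold(group):
    """Join a folded logical line back into one string."""
    return group[0] + "".join(part[1:] for part in group[1:])

def remove_transmitted_control(ldif_text, oid, entry_dn=CHAINING_DN):
    """Return (new_text, removed_count); only the entry_dn entry is modified."""
    removed, blocks = 0, []
    for block in ldif_text.split("\n\n"):  # entries are separated by blank lines
        groups = logical_lines(block)
        dn = next((unfold(g)[3:] for g in groups if unfold(g).lower().startswith("dn:")), "")
        if norm_dn(dn) == norm_dn(entry_dn):
            kept = []
            for g in groups:
                attr, _, value = unfold(g).partition(":")
                if attr.strip().lower() == ATTR and value.strip() == oid:
                    removed += 1  # exact OID match, so ...3.4.12 is not touched
                else:
                    kept.append(g)
            groups = kept
        blocks.append("\n".join("\n".join(g) for g in groups))
    return "\n\n".join(blocks), removed
```

A removed count of 0 means the value was already absent from the file, which helps separate a console that did not save the change from a server that is still sending the control for another reason.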

