[Fedora-directory-users] LDAP proxy

Michal Rejda mrejda at kerio.com
Thu Apr 16 11:57:24 UTC 2009


> Michal Rejda wrote:
> >
> >> -----Original Message-----
> >> From: fedora-directory-users-bounces at redhat.com [mailto:fedora-
> >> directory-users-bounces at redhat.com] On Behalf Of Rich Megginson
> >> Sent: Tuesday, April 14, 2009 4:25 PM
> >> To: General discussion list for the Fedora Directory server project.
> >> Subject: Re: [Fedora-directory-users] LDAP proxy
> >>
> >> Michal Rejda wrote:
> >>
> >>> I tried to use http://tinyurl.com/culeft. But the database link
> >>> doesn't work. I set up the database link to the Active Directory (and
> >>> OpenLDAP). When I looked into the Wireshark log, FDS sent a search request
> >>> with controls:
> >>> 	2.16.840.1.113730.3.4.2
> >>> 	2.16.840.1.113730.3.4.12
> >>> And the AD server responded: Unavailable Critical Extension.
> >>>
> >>> I tried to remove these two controls from Database Link Settings (in
> >>> administration console) but it didn't help. The server didn't return
> >>> the message above, but the administrative console showed an error dialog.
> >>
> >> What error?
> >>
> > I tried it again and the error message is exactly:
> >
> > Error fading object 'dn: dc=example, dc=com'.
> > The error send by the server was:
> > ".
> >
> > In the Wireshark log there was still the search request with control:
> > 	2.16.840.1.113730.3.4.2
> >
> > Why is this control needed by the server when I removed it from
> > Database link settings?
> >
> I'm not sure - maybe the console is not working correctly. Try this:
> 1) Shut down the server
> 2) cd /etc/dirsrv/slapd-yourinstance
> 3) edit dse.ldif - look for the entry
> dn: cn=config,cn=chaining database,cn=plugins,cn=config
> 4) edit the nsTransmittedControls attribute - remove
> 2.16.840.1.113730.3.4.2
> 5) save and restart the server

I looked in dse.ldif for the nsTransmittedControls attribute. There is only 1.3.6.1.4.1.1466.29539.12, not the problematic 2.16.840.1.113730.3.4.2.
Isn't the 2.16.840.1.113730.3.4.2 hardcoded? Why is this so necessary?

> >
> >>>> Michal Rejda wrote:
> >>>>
> >>>>> Hi all,
> >>>>>
> >>>>> I’m trying to set up a proxy on FDS to another LDAP server (OpenLDAP
> >>>>> and Active Directory). I tried two ways, but neither of them works:
> >>>>>
> >>>>> 1) New database link to LDAP server.
> >>>>>
> >>>>> - The remote LDAP server (OpenLDAP) returns: null. manageDSAit
> >>>>> control value not found
> >>>>
> >>>> You might have to tweak the controls used by chaining - see
> >>>> http://tinyurl.com/culeft
> >>>>
> >>>>> 2) Create multiple-master replication and set up the other server as
> >>>>> consumer.
> >>>>>
> >>>>> - But this shows the error: 255 Replication error acquiring replica:
> >>>>> unknown error.
> >>>>
> >>>> Replication will only work to a SunDS, not to any other vendor.
> >>>>
> >>>>> My question is: Is there a way to set up a proxy to access another LDAP
> >>>>> server from Fedora DS? I know that it is possible to use AD sync, but I
> >>>>> cannot install anything on the AD server. The second reason why I need
> >>>>> to set up a proxy is to use data stored in LDAP servers (OpenLDAP,
> >>>>> Open Directory Server and Active Directory) in one place. I need to
> >>>>> update them too. It is not necessary to synchronize passwords.
> >>>>
> >>>> See also
> >>>> http://directory.fedoraproject.org/wiki/Howto:OpenldapIntegration
> >>>>
> >>>>> Thank you for your reply.
> >>>>>
> >>>>> Regards,
> >>>>>
> >>>>> Michal
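
The dse.ldif check discussed in this thread (reading nsTransmittedControls from the chaining configuration entry), as an added example that is not part of the original messages or of the directory server's own code. The function names and the sample LDIF are constructed for illustration; only the entry DN, the attribute name and the two OIDs come from the thread.

```python
# DN of the chaining configuration entry, as quoted in the thread.
CHAINING_CONFIG_DN = "cn=config,cn=chaining database,cn=plugins,cn=config"

def normalize_dn(dn):
    """Lower-case the DN and drop spaces around commas for comparison."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Return a list of entries, each a list of (attribute, value) pairs."""
    lines = []
    for raw in text.splitlines():
        # LDIF folding: a line starting with one space continues the previous line.
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], []
    for line in lines + [""]:          # trailing "" flushes the last entry
        if not line.strip():           # a blank line ends an entry
            if current:
                entries.append(current)
            current = []
            continue
        if line.startswith("#"):       # LDIF comment
            continue
        attr, _, value = line.partition(":")
        current.append((attr.strip().lower(), value.strip()))
    return entries

def transmitted_controls(ldif_text, dn=CHAINING_CONFIG_DN):
    """OIDs listed in nsTransmittedControls on the given entry ([] if none)."""
    for entry in parse_ldif(ldif_text):
        dns = [v for a, v in entry if a == "dn"]
        if dns and normalize_dn(dns[0]) == normalize_dn(dn):
            return [v for a, v in entry if a == "nstransmittedcontrols"]
    return []

# Constructed sample, not a real dse.ldif; note the folded dn line.
SAMPLE = """\
dn: cn=config
objectClass: top

dn: cn=config,cn=chaining database,cn=plugins,
 cn=config
nsTransmittedControls: 1.3.6.1.4.1.1466.29539.12
nsTransmittedControls: 2.16.840.1.113730.3.4.2
"""

if __name__ == "__main__":
    oids = transmitted_controls(SAMPLE)
    print("2.16.840.1.113730.3.4.2 listed:", "2.16.840.1.113730.3.4.2" in oids)
```

Run against a copy of dse.ldif taken while the server is stopped, since the server rewrites that file while it is running.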





