[Fedora-directory-users] LDAP proxy
Rich Megginson
rmeggins at redhat.com
Thu Apr 23 13:25:09 UTC 2009
Michal Rejda wrote:
>> Michal Rejda wrote:
>>
>>>> Michal Rejda wrote:
>>>>
>>>>
>>>>>> Michal Rejda wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>>> Michal Rejda wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>> Michal Rejda wrote:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>>> Michal Rejda wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>>> -----Original Message-----
>>>>>>>>>>>>>> From: fedora-directory-users-bounces at redhat.com
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>> [mailto:fedora-
>>>>>>
>>>>>>
>>>>>>
>>>>>>>>>>>>>> directory-users-bounces at redhat.com] On Behalf Of Rich
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>> Megginson
>>>>>>
>>>>>>
>>>>>>
>>>>>>>>>>>>>> Sent: Tuesday, April 14, 2009 4:25 PM
>>>>>>>>>>>>>> To: General discussion list for the Fedora Directory
>>>>>>>>>>>>>>
>> server
>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>> project.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>>>>> Subject: Re: [Fedora-directory-users] LDAP proxy
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Michal Rejda wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I tried to use http://tinyurl.com/culeft. But the
>>>>>>>>>>>>>>>
>> database
>>
>>>>>>>>>>>>>>> link
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>> doesn't work. I setup the database link to the Active
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>> Directory
>>>>>>
>>>>>>
>>>>>>
>>>>>>>>>> (and
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>>>>> OpenLDAP). When I looked into Wireshark log, FDS send
>>>>>>>>>>>>>> search
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>> request
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>>>>> with controls:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> 2.16.840.1.113730.3.4.2
>>>>>>>>>>>>>>> 2.16.840.1.113730.3.4.12
>>>>>>>>>>>>>>> And the AD server responded: Unavailable Critical
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>> Extension.
>>>>
>>>>
>>>>>>>>>>>>>>> I tried to remove this two controls from Database Link
>>>>>>>>>>>>>>> Settings
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>> (in
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>>>>> administration console) but it didn't help. The server
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>> didn't
>>>>
>>>>
>>>>>>>>>>>>>>
>>>>>>>>>> return
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>>>>> the message above, but the administrative console show
>>>>>>>>>>>>>> error
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>> dialog.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>>>>> What error?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>> I tried it again and the error message is exactly:
>>>>>>>>>>>>>
>>>>>>>>>>>>> Error fading object 'dn: dc=example, dc=com'.
>>>>>>>>>>>>> The error send by the server was:
>>>>>>>>>>>>> ".
>>>>>>>>>>>>>
>>>>>>>>>>>>> In the Whireshark log was still the search request witch
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>> control:
>>>>>>
>>>>>>
>>>>>>
>>>>>>>>>>>>> 2.16.840.1.113730.3.4.2
>>>>>>>>>>>>>
>>>>>>>>>>>>> Why is this control needed by the server when I removed it
>>>>>>>>>>>>> from
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>> Database link settings?
>>>>>>>>>>>>
>>>>>>>>>>>> I'm not sure - maybe the console is not working correctly.
>>>>>>>>>>>> Try
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>> this:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>>>> 1) Shutdown the server
>>>>>>>>>>>> 2) cd /etc/dirsrv/slapd-yourinstance
>>>>>>>>>>>> 3) edit dse.ldif - look for the entry
>>>>>>>>>>>> dn: cn=config,cn=chaining database,cn=plugins,cn=config
>>>>>>>>>>>> 4) edit the nsTransmittedControls attribute - remove
>>>>>>>>>>>> 2.16.840.1.113730.3.4.2
>>>>>>>>>>>> 5) save and restart the server
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>> I looked into dse.ldif for a nsTransmittedControls attribute.
>>>>>>>>>>> There
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>> is only the 1.3.6.1.4.1.1466.29539.12. , not the problematic
>>>>>>>>>> 2.16.840.1.113730.3.4.2.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>> Isn't the 2.16.840.1.113730.3.4.2 hardcoded?
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>> If it is, I don't see it. There is no mention of managedsa or
>>>>>>>>>> 2.16.840.1.113730.3.4.2 anywhere in the chaining backend code.
>>>>>>>>>> The only place it is mentioned is in the default list of
>>>>>>>>>> nsTransmittedControls in the template-dse.ldif used during new
>>>>>>>>>> instance creation.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>> Why is this so necessary?
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>> It's not necessary, and I'm not sure where it is coming from.
>>>>>>>>>> Once place might be an internal operation, but I'm not sure
>>>>>>>>>> what internal operation would be doing this. You might also
>>>>>>>>>>
>> try
>>
>>>>>>>>>> to remove nsActiveChainingComponents and
>>>>>>>>>> nsPossibleChainingComponents to see
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>> if
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>> one of those components is doing an internal operation with
>>>>>>>>>> managedsait set.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>> I removed nsActiveChainingComponents and
>>>>>>>>> nsPossibleChainingComponents
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>> and it didn't help.
>>>>>>>>
>>>>>>>> Then I'm not sure where it's coming from. I suppose you could
>>>>>>>> enable tracing in the directory server and see if there is
>>>>>>>>
>>>>>>>>
>>>> anything
>>>>
>>>>
>>>>>>>> interesting in the error log - see
>>>>>>>> http://directory.fedoraproject.org/wiki/FAQ#Troubleshooting
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>> In the attachment is the part of the server error log. I removed
>>>>>>>
>>>>>>>
>>>> all
>>>>
>>>>
>>>>>>> messages before I click on the exclamation mark before the DN in
>>>>>>>
>>>>>>>
>>>> the
>>>>
>>>>
>>>>>>> Fedora administration console -> Directory folder tab. I don't
>>>>>>> understand this log. It is helpful for you?
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> Ah, I see. You are using the console to try to browse the AD tree?
>>>>>> And you are using the console admin user "admin"? Try ldapsearch
>>>>>>
>>>>>>
>>>> from
>>>>
>>>>
>>>>>> the command line, and attempt to authenticate as an AD user (e.g.
>>>>>> cn=administrator,cn=users,dc=example,dc=com).
>>>>>>
>>>>>>
>>>>>>
>>>>> Yes, you are right. I use the console to browse AD tree. But I do
>>>>>
>>>>>
>>>> this because there is attention marker before the root suffix (lib-
>>>> w2k3r2) in the Directory tab and I just double click on it.
>>>>
>>>>
>>>>> I tried ldapsearch using AD user (Administrator). I'm able to login
>>>>>
>>>>>
>>>> but the ldapsearch don't show any results (I use Apache Directory
>>>> Studio). When I looked into Whireshark log, I now see that another
>>>> critical extension is missing: 2.16.840.1.113730.3.4.12. The log is
>>>> in the attachment.
>>>>
>>>> Make sure 2.16.840.1.113730.3.4.12 is not in the transmitted
>>>>
>> controls.
>>
>>>> Set nsProxiedAuthorization to 0 - that should make it not use
>>>> 2.16.840.1.113730.3.4.12 which is the proxyauth control.
>>>>
>>>>
>>> It works. Thank you very much! I can connect to the AD and list users
>>>
>> and whatever I want.
>>
>>> I have one more difficulty. When I send ldapmodify to the node in the
>>> AD, FDS add to this request two more attributes (modifiersname,
>>> modifytimestamp). AD don't know these attributes and returns the
>>>
>> error
>>
>>> (errorMessage: 00000057: LdapErr: DSID-0C090A85, comment: Error in
>>> attribute conversion operation, data 0, vece). Is it possible to
>>> disable this functionality
>>>
>> Yes. This is the nsslapd-lastmod attribute in cn=config - set this to 0
>>
>>> or rewrite attributes name into AD attributes name (e.g.
>>>
>> modifytimestamp -> whenChanged)? I cannot change AD schema.
>>
>> No, it's not possible to map it.
>>
>
> Perhaps one of last questions on LDAP proxy :-) Is there a way how to setup permissions to list/searching AD using chaining? I'm looking into administration guide and if I see it well, I have to setup ACI on the AD. But AD does not have ACI attributes. I tried to add ACI on the cn=link-ads,cn=chaining database,cn=plugins,cn=config but it didn't help.
>
Right. AD access control is completely different, and Fedora DS is not
smart enough to translate its acis into AD access control.
If you have a real local suffix as the parent of your AD suffix, you
could set acis in that suffix.
>
>> BTW, I would really appreciate it if you could write up something for
>> the wiki about "using chaining to create an AD 'view'" - if you would
>> rather just send me the info in an email, that would be fine too.
>>
>>>>>>>>>>>>>>>> Michal Rejda wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Hi all,
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> I’m trying to setup proxy on FDS to another LDAP server
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>> (OpenLDAP
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>>>>>>>> and Active Directory). I tried two ways, but none of
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>> these
>>>>
>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>> works:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>>>>>>>> 1) New database link to LDAP server.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> - The remote LDAP server (OpenLDAP) returns: null.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>> manageDSAit
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>>>>>>>> control
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> value not found
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> You might have to tweak the controls used by chaining -
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>> see
>>>>
>>>>
>>>>>>>>>>>>>>>> http://tinyurl.com/culeft
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> 2) Create multiple-master replication and setup other
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>> server
>>>>>>
>>>>>>
>>>>>>
>>>>>>>>>>>>>>>>> as
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> consumer.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> - But this show error: 255 Replication error acquiring
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>> replica:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>>>>>>>>> unknown error.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Replication will only work to a SunDS, not to any other
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>> vendor.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>>>>>>>>> My question is: Is there way how to setup proxy to
>>>>>>>>>>>>>>>>> access
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>> another
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>>>>>>> LDAP
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> server from Fedora DS? I know that is possible to use
>>>>>>>>>>>>>>>>>
>> AD
>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>> sync,
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>>>> but
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>>> I
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> cannot install anything on the AD server. The second
>>>>>>>>>>>>>>>>> reason why
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>> I
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>>>>>>> need
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> to setup proxy is to use data stored in LDAP server
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>> (OpenLDAP,
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>>>>>>>>> Open Direcoty Server and Active Directory) in one
>>>>>>>>>>>>>>>>>
>> place.
>>
>>>> I
>>>>
>>>>
>>>>>>>>>>>>>>>>> need
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>> to
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>>> update
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> them too. It is not necessary to synchronize passwords.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> See also
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>> http://directory.fedoraproject.org/wiki/Howto:OpenldapIntegration
>>>>
>>>>
>>>>>>>>>>
>>>>>>>>>>>>>>>>> Thank you for reply.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Regards,
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Michal
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> Fedora-directory-users mailing list
>>>>>>>>>>> Fedora-directory-users at redhat.com
>>>>>>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-
>>>>>>>>>>>
>> users
>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Fedora-directory-users mailing list
>>>>>>>>> Fedora-directory-users at redhat.com
>>>>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>> -----------------------------------------------------------------
>>>>>>>
>> -
>>
>>>>>>> -
>>>>>>>
>>>>>>>
>>>> -
>>>>
>>>>
>>>>>>> -
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> -
>>>>>>
>>>>>>
>>>>>>
>>>>>>> --
>>>>>>>
>>>>>>> --
>>>>>>> Fedora-directory-users mailing list
>>>>>>> Fedora-directory-users at redhat.com
>>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>> -------------------------------------------------------------------
>>>>>
>> -
>>
>>>>> -
>>>>>
>>>>>
>>>> -
>>>>
>>>>
>>>>> --
>>>>>
>>>>> --
>>>>> Fedora-directory-users mailing list
>>>>> Fedora-directory-users at redhat.com
>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>>
>>>>>
>>>>>
>>> ---------------------------------------------------------------------
>>>
>> -
>>
>>> --
>>>
>>> --
>>> Fedora-directory-users mailing list
>>> Fedora-directory-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>
>>>
>
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3258 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20090423/d737a453/attachment.bin>
More information about the 389-users
mailing list