[389-users] Getting started with 389 DS

harry.devine at faa.gov harry.devine at faa.gov
Mon Oct 25 15:29:46 UTC 2010


Right now, we have 4 Windows servers: 2 Domain controllers (1 of which is
serving as the Terminal Server License server), 1 general purpose
workstation for users to Remote Desktop into, and 1 server that runs
Citrix Presentation server.  We also have 2 Linux servers that we connect
to that we have configured to contact our domain controller for
authentication.

We really aren't using most of the features that AD has/provides.  Just 
basic user authentication, which is why we thought we could easily move to 
389 DS.  If we do, we figured that we could keep the Citrix server around 
and have it contact the new DS server for authentication.  Maybe keep the 
1 domain controller as a member server that still does the license 
services.

We're not opposed to scrapping AD though.  If we have to migrate over
users manually, or via an ldif file that we script/create, we can do that.
Right now, we're just trying to get familiar with the features of 389 DS.

Thanks,
Harry

Harry Devine
Common ARTS Software Development
AJT-144
(609)485-4218
Harry.Devine at faa.gov



From: Richard Megginson <rmeggins at redhat.com>
To: "General discussion list for the 389 Directory server project."
<389-users at lists.fedoraproject.org>
Date: 10/25/2010 11:17 AM
Subject: Re: [389-users] Getting started with 389 DS
Sent by: 389-users-bounces at lists.fedoraproject.org




----- "harry devine" <harry.devine at faa.gov> wrote:

> Thanks. I'll keep that in mind. While I have your attention, can I ask
> another question since I'm progressing along? What I ultimately want
> to do is migrate from Microsoft Active Directory 2003 to 389 Directory
> Server. I was reading up on how to export to an ldif file using
> ldifde. However, when I try to import the ldif file into my test 389
> DS, I get an error for each user that says "entry <xxxx> has unknown
> object class "user" " (the <xxxx> is the CN= entry for that user).
> 
> All I've found in the docs online so far is how to sync between the DS
> and AD. I don't want to sync; I want to basically migrate. I can't
> find how to do that. Any thoughts?

The schema that AD uses is very different from the schema that 389 uses. 
You'll have to do some scripting to get the data in the right format, and 
a lot of trial and error.  I don't know if there are AD to LDAP migration 
scripts out there.

Also, you can't just replace AD with 389 if you need to support a Windows 
network.  AD does a lot more than just an LDAP server.

> 
> Thanks!
> Harry
> 
> Harry Devine
> Common ARTS Software Development
> AJT-144
> (609)485-4218
> Harry.Devine at faa.gov
> 
> 
> From: Rich Megginson <rmeggins at redhat.com>
> To: "General discussion list for the 389 Directory server project."
> <389-users at lists.fedoraproject.org>
> Cc: 389-users-bounces at lists.fedoraproject.org
> Date: 10/25/2010 10:25 AM
> Subject: Re: [389-users] Getting started with 389 DS
> Sent by: 389-users-bounces at lists.fedoraproject.org
> 
> 
> 
> 
> harry.devine at faa.gov wrote:
> >
> > Just a follow up: I was able to log in. I turned off the software
> > firewall and used "cn=Directory Manager" as the User ID and was able
> > to log in. This machine is isolated so there's low risk in having the
> > firewall off. When I get further along, I can turn it back on with
> > 9830 added as an acceptable port I suppose.
> Yes. You will need to open 389, 636, and 9830
> >
> > Thanks for the help, and sorry about the noise.
> > Harry
> >
> > Harry Devine
> > Common ARTS Software Development
> > AJT-144
> > (609)485-4218
> > Harry.Devine at faa.gov
> >
> >
> > From: Rich Megginson <rmeggins at redhat.com>
> > To: "General discussion list for the 389 Directory server project."
> > <389-users at lists.fedoraproject.org>
> > Date: 10/22/2010 04:29 PM
> > Subject: Re: [389-users] Getting started with 389 DS
> > Sent by: 389-users-bounces at lists.fedoraproject.org
> >
> >
> >
> ------------------------------------------------------------------------
> >
> >
> >
> > harry.devine at faa.gov wrote:
> > >
> > > I just installed 389 DS on a laptop running CentOS 5.4 to start
> > > getting familiar with it. I got it installed correctly (answered all
> > > of the questions in the setup-ds-admin.pl script, verified that the
> > > dirsrv and dirsrv-admin services are running), but when I run the
> > > 389-console, I can't log in. I'm entering the username and password
> > > that I used in the setup script, but I keep getting "Cannot login
> > > because of an incorrect User ID, incorrect password, or Directory
> > > problem. java.io.InterruptedIOException: HTTP response timeout".
> > Check the logs - what is in /var/log/dirsrv/admin-serv/error?
> > /var/log/dirsrv/slapd-YOURINSTANCE/errors?
> > /var/log/dirsrv/slapd-YOURINSTANCE/access?
> >
> > You can also run the console with -D 9 -f console.log to get more
> > verbose output
> > >
> > > What am I doing wrong? I'm trying to follow the docs at
> > > http://directory.fedoraproject.org/wiki/Documentation but they seem to
> > > jump all over the place. I did find a tutorial at
> > > http://www.linuxmail.info/389-directory-server-setup-howto-centos-5/ ,
> > > but I'm stuck at the first step under "Administering 389 Directory
> > > Server". Do I have to reinstall the 389 DS? Is there a place that I
> > > can clear out/reset the admin password to get in?
> > >
> > > Thanks,
> > > Harry
> > >
> > > Harry Devine
> > > Common ARTS Software Development
> > > AJT-144
> > > (609)485-4218
> > > Harry.Devine at faa.gov
> > >
> ------------------------------------------------------------------------
> > >
> > > --
> > > 389 users mailing list
> > > 389-users at lists.fedoraproject.org
> > > https://admin.fedoraproject.org/mailman/listinfo/389-users
> >
> 
--
389 users mailing list
389-users at lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
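
The kind of conversion script the reply above refers to, as an added example that is not from the thread or the 389 DS project: it rewrites `user` entries from an ldifde export as `inetOrgPerson` entries and drops everything else. The attribute mapping (including `sAMAccountName` to `uid`), the target suffix passed as `new_base`, and the sample data are assumptions.

```python
import re
# Assumed mapping of AD attribute names (lower-cased) to inetOrgPerson ones.
ATTR_MAP = {"cn": "cn", "sn": "sn", "givenname": "givenName",
            "mail": "mail", "samaccountname": "uid"}
TARGET_CLASSES = ["top", "person", "organizationalPerson", "inetOrgPerson"]
# Constructed sample shaped like an ldifde export (not real data).
SAMPLE = """dn: CN=Jose Diaz,CN=Users,DC=example,DC=local
changetype: add
objectClass: user
cn: Jose Diaz
givenName:: Sm9zw6k=
sAMAccountName: jdiaz
mail: jdiaz@example
 .local
objectGUID:: 3q2+796tvu8=

dn: CN=Domain Users,CN=Users,DC=example,DC=local
objectClass: group
"""

def parse_ldif(text):
    """Yield each record as a list of (attribute, raw value) pairs."""
    unfolded = re.sub(r"\r?\n ", "", text)       # join folded continuation lines
    for block in re.split(r"\n\s*\n", unfolded):
        pairs = [line.partition(":")[::2] for line in block.splitlines()
                 if ":" in line and not line.startswith("#")]
        if pairs:
            yield pairs

def convert(text, new_base):
    """Return 389-style LDIF for AD 'user' entries, passing values through as encoded."""
    out = []
    for record in parse_ldif(text):
        classes = {v.strip().lower() for n, v in record if n.lower() == "objectclass"}
        if "user" not in classes or "computer" in classes:
            continue                             # groups, OUs, machine accounts
        attrs = {}
        for name, raw in record:
            if name.lower() in ATTR_MAP:         # unmapped AD attributes are dropped
                attrs.setdefault(ATTR_MAP[name.lower()], []).append(raw.rstrip())
        uid = attrs.get("uid", [":"])[0]
        if uid.startswith(":") or "cn" not in attrs:
            continue                             # no plain-ASCII login name: handle by hand
        attrs.setdefault("sn", attrs["cn"][:1])  # 'person' requires sn
        entry = ["dn: uid=%s,%s" % (uid.strip(), new_base)]
        entry += ["objectClass: " + c for c in TARGET_CLASSES]
        entry += ["%s:%s" % (a, v) for a in sorted(attrs) for v in attrs[a]]
        out.append("\n".join(entry))
    return "\n\n".join(out) + "\n"
```

An ldifde export carries no usable password values, so the converted entries have no `userPassword` and accounts need passwords set in 389 DS after the import.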

