[Fedora-directory-users] lagest depoyment?
by Chen Shaopeng
Could someone with experiences in deploying FDS/RHDS (or even before
that) shed some light on your largest deployment of directory?
For example:
- total #users
- average # of concurrent users (at the same time)
- total #objects in the system
- hardware specs
- how many servers
- network topology
- biggest problem encountered
- ...
I'm just trying to get a feel about the hardware requirements.
Numbers from the Sun Directory is ok too.
If you don't mind sharing that.
thanks a lot.
csp
18 years, 4 months
[Fedora-directory-users] help with memory corruption
by speedy zinc
My gnome desktop totally hanged, and out of
frustration,
I just pushed the reset button.
Now I got a memory corruption error when trying to
start
up slapd:
*** glibc detected *** malloc(): memory corruption:
0x08176080 ***
slapd-neo/start-slapd: line 33: 7560 Aborted
./ns-slapd -D /opt/fedora-ds/slapd-neo -i
/opt/fedora-ds/slapd-neo/logs/pid -w $STARTPIDFILE
"$@"
Couldn't find anything about cleaning up corrupted
data
in the admin guide. Could someone tell what's this
error about?
Now I wonder, if I can get this kind of corruption
that
easily, how would people handle it in real production
environment? If I get a sudden power outage, or the
cleaning guy just trips on the power cord, and boom,
the server won't start. That's not pretty, isn't it?
thanks
sz
__________________________________
Start your day with Yahoo! - Make it your home page!
http://www.yahoo.com/r/hs
18 years, 4 months
[Fedora-directory-users] more than one base domain?
by speedy zinc
Is it possible to create more than one base domain in
one directory server? For example, can I have
dc=alpha,dc=com
and
dc=beta,dc=com
on the same directory, and then search through
ldapsearch -b "dc=alpha,dc=com" ...
and
ldapsearch -b "dc=beta,dc=com" ...
The console does not seem to allow that. I wonder
though.
thanks
sz
__________________________________
Start your day with Yahoo! - Make it your home page!
http://www.yahoo.com/r/hs
18 years, 4 months
[Fedora-directory-users] Re: help for building FDS
by speedy zinc
Whoa, your replies already showed up in the archive,
and I haven't received yet. What kind of email server
does yahoo have???
Anyway, following Rob's suggestion, I did the patch,
and it can get pass that issue.
Rich, I have perl in my path (perl v5.8.3), but I
don't think the build script actually generated the
files oiddata.h/c. Both files are there, but the last
modify time seems to date back to 2002-01-04. And the
oidgen.perl is there too.
Now, I'm getting a new problem:
rm -f .libs/client.lo
cc -DHAVE_CONFIG_H -I. -I. -I.. -I../include
-I../plugins -I../include
-I/tmp/fedora-ds-build/include
-I/tmp/fedora-ds-build/include
-I/tmp/fedora-ds-build/include -Wall -W
-I/tmp/fedora-ds-build/include
-L/tmp/fedora-ds-build/lib -O2 -pipe
-I/tmp/fedora-ds-build/include
-L/tmp/fedora-ds-build/lib -O2 -pipe
-I/tmp/fedora-ds-build/include
-L/tmp/fedora-ds-build/lib -O2 -pipe -MT client.lo -MD
-MP -MF .deps/client.Tpo -c client.c -fPIC -DPIC -o
.libs/client.lo
client.c:64: error: static declaration of
'global_callbacks' follows non-static declaration
saslint.h:112: error: previous declaration of
'global_callbacks' was here
make[4]: *** [client.lo] Error 1
make[4]: Leaving directory
`/home/csp/redhat/dsbuild/ds/cyrus-sasl/work/cyrus-sasl-2.1.20/lib'
make[3]: *** [all-recursive] Error 1
make[3]: Leaving directory
`/home/csp/redhat/dsbuild/ds/cyrus-sasl/work/cyrus-sasl-2.1.20'
make[2]: *** [all] Error 2
make[2]: Leaving directory
`/home/csp/redhat/dsbuild/ds/cyrus-sasl/work/cyrus-sasl-2.1.20'
make[1]: *** [build-work/cyrus-sasl-2.1.20/Makefile]
Error 2
make[1]: Leaving directory
`/home/csp/redhat/dsbuild/ds/cyrus-sasl'
make: *** [dep-../../ds/cyrus-sasl] Error 2
:(
thx
sz
__________________________________
Yahoo! Mail - PC Magazine Editors' Choice 2005
http://mail.yahoo.com
18 years, 4 months
Re: [Fedora-directory-users] Second Try:
by Daniel Shackelford
Date: Mon, 14 Nov 2005 07:55:26 -0700
From: Richard Megginson <rmeggins(a)redhat.com>
Subject: Re: [Fedora-directory-users] Second Try:
The sync code doesn't support this. You would have to add those extra
objectclasses and attributes to the windows sync code. Look at
http://cvs.fedora.redhat.com/viewcvs/ldapserver/ldap/servers/plugins/repl...
This is the list of attributes and objectclasses that get synced.
Thank you, that is exactly what I needed to know.
Cheers!
--
Daniel Shackelford
Systems Administrator
Technology Services
Spring Arbor University
517 750-6648
"For even the Son of Man did not come to be served, but to serve, and to give His life a ransom for many"
Mark 10:45
18 years, 4 months
[Fedora-directory-users] Second Try:
by Daniel Shackelford
I sent this earlier to the list, but it seemed to have been lost amidst
the setup/compile/authentication questions:
Hello All.
I have successfully setup Directory Server on FC4 and am
replicating/syncing with our Active Directory Domain. No problems
there. What I would like to know is if there is a way to replicate more
attributes of the users, or extent the ntUser part of the schema and
have those changes also replicated. We use the employeeID attribute in
AD, and I would like to replicate that to DS. Anybody know if there is
a way to configure what attributes are replicated? Obviously in a DS
=>DS replication environment, all attributes will be replicated, but
what about DS =>AD?
Anyone have any experience in this area?
--
Daniel Shackelford
Systems Administrator
Technology Services
Spring Arbor University
517 750-6648
"For even the Son of Man did not come to be served, but to serve, and to give His life a ransom for many"
Mark 10:45
18 years, 4 months
[Fedora-directory-users] probleme with replication
by basile
i try to do single master replication
i use redhat documention , but when i try to initialize consumer
i have: " replication error acquiring replica: permisssion denied.Error
code: 3 "
and on the consumer :
" NSMMReplicationPlugin - conn =2 op=5 replica "dc=mysite,dc=fr" unable
to acquire replica: error ; permission denied "
the database i want to replique is read only on the consumer
if someone has got an idea , i try many things , read many time the
redhat manual but
it don t work
thanks
basile
18 years, 4 months
[Fedora-directory-users] Can't authenticate to directory server
by Mont Rothstein
I can't authenticate to my directory server from another machine.
My directory server is running on RedHat ES4. I am trying to use Secure
authentication (NTLM?) from a Windows C# .NET application. I suspect my
problem is one of incorrect configuration on the directory server side.
I can access the directory server from the Windows app using anonymous
access.
I created a user in the directory server and added that user to the
Directory Administrators Group's ACI. I also added the IP address of the
machine I am trying to communicate from to the Hosts list in the Directory
Administrators Group ACI.
I can login to the console using my user
(uid=mont,ou=people,dc=foray,dc=com) on my Linux server. I have tried
logging in from the Windows app using both the full RDN and simply the user
name "mont". Neither work.
Any ideas as to what needs to be done to enable authentication from a remote
machine would be greatly appreciated.
Thanks,
-Mont
18 years, 4 months
[Fedora-directory-users] Fedora DS and a C# .NET app
by Mont Rothstein
Hello,
I have just started working with Fedora Directory Server (still going
through all of the docs and install) and I realized that something I want to
do may not be possible. I was hoping someone on this list could tell me if
what I want to do can or can not be done.
We have a Windows C# .NET WinForms application. What we want to do is to
authenticate users to a Fedora DS that we setup and then control their
access rights based on settings in the DS. The trick is that the users may
or may not be on an AD domain, and in either case we will not be their
primary DS, only the one used for our application. Furthermore, we don't
want them to have to sign in to out application, only to their computer.
In short, is it possible to authenticate a Windows user to a Fedora DS using
their standard Windows login info?
I hope this is clear.
Thanks,
-Mont
18 years, 4 months
[Fedora-directory-users] Joins domain, won't logon.
by James van Zeeland
Hi.
Up to date FC4 install + Fedora Directory + Samba + VMware , on HP ML150
dual 3.0G Xeons w/ 2Gb
Boots as a Directory server, and then on start of X logs in as vmware
user which starts a VMware only session (no window manager) and launches
a 2003 terminal server. Files are served from samba on the linux host.
Up till now users have been happilly using old workstations in workgroup
mode with syncd passwds, no problemo. I can't see anything in smb.conf
to explain this behaviour :
2003 Terminal server was built, intended to be the first genuine domain
member. It happilly joined the domain, but on attempt to login, reports
"Cannot log you in now because the domain <DOMNAME> is unavailable"
But it is available. Or should be.
Sorry, do not have the config files immediately on hand ( no remote
access yet - new installation)
Thought I'd throw a feeler out and see if anyone can tell me what can
cause this behaviour.
I read about a samba bug that caused something like this (machine
accounts must be stored in the same ou as users, but this was supposedly
fixed around samba 3.0.11 and I'm on 3.0.14something here.)
I have smbldap-tools installed, behaviour is same manually creating
machine account or letting it be created by samba.
I also had trouble with WINS support throwing a bad IP address (not even
inside the subnet) into the mix. No idea where that came from; Disabling
WINS (don't need it yet) fixed that, but the domain not available on
attempted login has me scratching my head.
I also read about DNS sometimes causing this, but the FQDN for both
machines my-server1.mydomain.local and my-appserver1.mydomain.local both
resolve without a problem.
I don't know what's wrong and am considering removing the directory and
SAMBA and taking the network down to reconfigure them from scratch
because somethings wack.
Of note : when loggged in as local administrator, password sync'd with
PDC, map some network drives, then attempt to join the machine to the
domain, it will FAIL reporting that multiple connections using different
credentials are a no-no.
J
18 years, 4 months