[Fedora-directory-users] init script failure and ulimit
by Del
Hi,
The first of the init scripts, here:
http://directory.fedora.redhat.com/wiki/Howto:SysVInit
(URL to script: http://www.directory.fedora.redhat.com/download/FedoraDirectoryServer-init.d)
... does not start the Fedora Directory Server on boot if the system ulimit
has been changed before the installation of FDS. If FDS detects a higher
ulimit then it will write:
(e.g.)
nsslapd-maxdescriptors: 8192
to:
/opt/fedora-ds/slapd-(servername)/config/dse.ldif
So that when the script above is run during bootup, the following message
will be generated in the logs, and FDS won't start:
dse - The entry cn=config in file /opt/fedora-ds/slapd-fc3-dbw-1/config/dse.ldif
is invalid, error code 53 (DSA is unwilling to perform) - nsslapd-maxdescriptors:
invalid value 8192, maximum file descriptors must range from 1 to 1024 (the
current process limit)
To fix this, insert the string:
ulimit -n 8192
... somewhere near the top of the script. e.g.:
myName=`basename $0`
fdsRoot="/opt/fedora-ds"
ulimit -n 8192
This problem is likely to be caused because the /opt/fedora-ds/setup/setup
script emits the following messages if it detects a low ulimit:
WARNING: There are only 1024 file descriptors (hard limit) available, which
limit the number of simultaneous connections.
WARNING: There are only 1024 file descriptors (soft limit) available, which
limit the number of simultaneous connections.
Changing the ulimit to 8192 in /etc/security/limits.conf makes the above
setup problem go away but then causes the startup script to fail.
--
Del
18 years, 4 months
RE: [Fedora-directory-users] Admin Console
by Jason Hane
A quote from Tony Molloy (I had this same problem yesterday):
Try ./startconsole -x nologo
The splash screen is hiding the login screen.
-----Original Message-----
From: fedora-directory-users-bounces(a)redhat.com
[mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Jim
Summers
Sent: Wednesday, December 14, 2005 10:09 AM
To: fedora-directory-users
Subject: [Fedora-directory-users] Admin Console
Hello List,
New to the list here and just beginning to evaluate the fedora-directory
server. I have been running Sun's iplanet DS5.1 for a couple of years
now and would like to migrate away from that platform.
Installed Sun Java 1.5.0.4
I installed the 1.0.1 binary and then ran setup.
Then when attempting to start the admin console, the blue Fedora
Directory Server / Please Login logo box is displayed. But the next
window where login info can be entered is never displayed. It hangs
until I go back a do a Ctrl-C.
Ideas or suggestions on what I may have overlooked?
TIA
--
Jim Summers
School of Computer Science-University of Oklahoma
-------------------------------------------------
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
18 years, 4 months
[Fedora-directory-users] Unable to import ldif from OpemLDAP
by Taymour A. El Erian
All,
I am trying to add an entry exported from OpenLDAP but I keep
getting the error
Error adding object 'dn: ou=email,o=xyz,c=eg'. The error sent by the
server was 'No such object'. The object is: LDAPEntry:
ou=email,o=xyz,c=eg; LDAPAttributeSet: LDAPAttribute {type='ou',
values='email'} LDAPAttribute {type='objectclass',
values='top,organizationalUnit'}.
The ldif is:
dn: ou=email,o=xyz,c=eg
objectClass: top
objectClass: organizationalUnit
ou: email
I already created the suffix o=xyz,c=eg from the admin console.
--
Taymour A El Erian
System Division Manager
RHCE, LPIC, CCNA, MCSE, CNA
TE Data
E-mail: taymour.elerian(a)tedata.net
Web: www.tedata.net
Tel: +(202)-4166600
Fax: +(202)-4166700
Ext: 1101
18 years, 4 months
[Fedora-directory-users] More problems building on Solaris 10: icu library ignored
by Graham Leggett
Hi all,
Having got further down the build, it now bombs out as below.
It seems that the icu library is not included in the -I parameters.
Anyone know what should be done at this point?
# new unix installer
# passing ../built/SunOS5.10_i86pc_OPT.OBJ as ORIGINAL_OBJDIR since
USE_64 info is cleaned up
# and lost in cm/newinst
cd cm/newinst; gmake BUILD_OPT=1 NO_JAVA=1 -w
ORIGINAL_OBJDIR=/root/src/ldap/ldapserver/built/SunOS5.10_i86pc_OPT.OBJ all
gmake[2]: Entering directory `/root/src/ldap/ldapserver/ldap/cm/newinst'
mkdir -p ../../../built/SunOS5.10_i86pc_OPT.OBJ/dsadmin/obj
CC -DSOLARIS -DSVR4 -D__svr4 -D__svr4__ -D_SVID_GETTOD -DOSVERSION=5010
-DNO_NODELOCK -DNO_LIBLCACHE -DXP_UNIX -DSOLARISx86 -xO2 -DMCC_HTTPD
-DNS_DOMESTIC -DNET_SSL -DCLIENT_AUTH -DSERVER_BUILD -DNSPR20
-D_PR_NTHREAD -D_REENTRANT -DNS_DS -DSPAPI20 -DBUILD_NUM=\"2005.347.97\"
-DOS_solaris -DUPGRADEDB -Dsunos5x86 -D_REENTRANT -DSVR4 -DLDAP_DEBUG
-DLDAP_REFERRALS -DLDAP_LDBM -DLDAP_LDIF -DLDBM_USE_DBBTREE
-DSLAPD_PASSWD_SHA1 -DLDAP_SSLIO_HOOKS -D__DBINTERFACE_PRIVATE
-DNO_LIBLCACHE -DNS_DIRECTORY -O -I../../../ldap/include
-I../../../built/SunOS5.10_i86pc_OPT.OBJ/include -I../../../include
-I../../../include
-I../../../../mozilla/dist/SunOS5.10_i86pc_OPT.OBJ/include
-I../../../../mozilla/dist/public/dbm
-I../../../../mozilla/dist/public/nss
-I../../../../mozilla/dist/public/svrcore
-I../../../../mozilla/dist/public/ldap
-I../../../../cyrus-sasl-2.1.20/include
-I../../../../setuputil/built/package/SunOS5.10_i86pc_OPT.OBJ/include
-I../../../ldap/admin/include -I../../../ldap/admin/lib
-I../../../ldap/admin/src -c ux-dialog.cc -o
../../../built/SunOS5.10_i86pc_OPT.OBJ/dsadmin/obj/ux-dialog.o
"ux-dialog.cc", line 68: Error: Could not open include file "utf8.h".
"ux-dialog.cc", line 69: Error: Could not open include file "ux-util.h".
"ux-dialog.cc", line 70: Error: Could not open include file "dialog.h".
"ux-dialog.h", line 42: Error: Could not open include file "dialog.h".
"ux-dialog.h", line 43: Error: DialogYesNo is not defined.
"ux-dialog.h", line 44: Error: DialogInput is not defined.
"ux-dialog.h", line 45: Error: DialogInput is not defined.
"ux-dialog.h", line 46: Error: DialogInput is not defined.
"ux-dialog.h", line 47: Error: DialogYesNo is not defined.
"ux-dialog.h", line 48: Error: DialogInput is not defined.
"ux-dialog.h", line 49: Error: DialogInput is not defined.
"ux-dialog.h", line 50: Error: DialogInput is not defined.
"ux-dialog.h", line 51: Error: DialogYesNo is not defined.
"ux-dialog.h", line 52: Error: DialogInput is not defined.
"ux-dialog.h", line 53: Error: DialogInput is not defined.
"ux-dialog.h", line 54: Error: DialogInput is not defined.
"ux-dialog.h", line 55: Error: DialogYesNo is not defined.
"ux-dialog.h", line 56: Error: DialogYesNo is not defined.
"ux-dialog.h", line 57: Error: DialogYesNo is not defined.
"ux-dialog.h", line 58: Error: DialogInput is not defined.
"ux-dialog.h", line 59: Error: DialogYesNo is not defined.
"ux-dialog.h", line 60: Error: DialogInput is not defined.
"ux-dialog.h", line 61: Error: DialogInput is not defined.
"ux-dialog.h", line 62: Error: DialogInput is not defined.
"ux-dialog.h", line 63: Error: DialogInput is not defined.
Compilation aborted, too many Error messages.
gmake[2]: ***
[../../../built/SunOS5.10_i86pc_OPT.OBJ/dsadmin/obj/ux-dialog.o] Error 1
gmake[2]: Leaving directory `/root/src/ldap/ldapserver/ldap/cm/newinst'
gmake[1]: *** [ldapprogs] Error 2
gmake[1]: Leaving directory `/root/src/ldap/ldapserver/ldap'
gmake: *** [buildDirectory] Error 2
Regards,
Graham
--
18 years, 4 months
RE: [Fedora-directory-users] Problem Uninstalling and Reinstalling
by Jason Hane
You guys rock. Thanks a lot!
-----Original Message-----
From: fedora-directory-users-bounces(a)redhat.com
[mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Tony
Molloy
Sent: Tuesday, December 13, 2005 2:00 PM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] Problem Uninstalling and
Reinstalling
On Tuesday 13 December 2005 18:18, Jason Hane wrote:
> I uninstalled and removed /opt/fedora-ds on RHEL 4. I was running
7.2.
> I installed Sun JDK 1.5.06, made JAVA_HOME=/usr/java/jdk1.5.0_06 and
> installed Directory Server 1.0.1. Now when I try to go to the
> console, it hangs on the splash screen and it says "Please log in...".
> Has anyone had this problem before or know how I can proceed?
>
> Thanks,
> Jason
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users(a)redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
Try ./startconsole -x nologo
The splash screen is hiding the login screen.
Tony
--
Tony Molloy.
Dept. of Comp. Sci.
University of Limerick
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
18 years, 4 months
[Fedora-directory-users] Problem Uninstalling and Reinstalling
by Jason Hane
I uninstalled and removed /opt/fedora-ds on RHEL 4. I was running 7.2.
I installed Sun JDK 1.5.06, made JAVA_HOME=/usr/java/jdk1.5.0_06 and
installed Directory Server 1.0.1. Now when I try to go to the console,
it hangs on the splash screen and it says "Please log in...". Has
anyone had this problem before or know how I can proceed?
Thanks,
Jason
18 years, 4 months
[Fedora-directory-users] Problems building on Solaris 10
by Graham Leggett
Hi all,
I am trying to build Fedora DS on a Solaris 10/Intel machine, and have
run into some trouble with a cyrus-sasl2 dependency.
While building ldapserver, I get this:
CC -DSOLARIS -L../../../built/SunOS5.10_i86pc_OPT.OBJ/lib
-R,../bin/slapd/lib:.:../lib:../../lib:../../../lib:../../../../lib -o
../../../built/release/SunOS5.10_i86pc_OPT.OBJ/bin/slapd/server/ns-slapd
../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/abandon.o
../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/bind.o
../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/compare.o
../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/config.o
../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/connection.o
../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/daemon.o
../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/sasl_io.o
../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/detach.o
../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/globals.o
../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/house.o
../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/init.o
../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/monitor.o
../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/saslbind.o
../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/search.o
../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/strdup.o
../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/tempnam.o
../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/unbind.o
../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/extendop.o
../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/rootdse.o
../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/configdse.o
../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/pw_mgmt.o
../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/auth.o
../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/psearch.o
../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/conntable.o
../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/stubs.o
../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/protect_db.o
../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/fileio.o
../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/lite_entries.o
../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/getopt_ext.o
../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/start_tls_extop.o
../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/passwd_extop.o
../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/fedse.o
../../../built/SunOS5.10_i86pc_OPT.OBJ/servers/obj/main.o -lmtmalloc
-L../../../built/release/SunOS5.10_i86pc_OPT.OBJ/bin/slapd/server
-lslapd -lldapu -L../../../../mozilla/dist/SunOS5.10_i86pc_OPT.OBJ/lib
-lssl3 -lnss3 -lsoftokn3 -L../../../../mozilla/dist/lib -lssldap50
-lldap50 -lprldap50
-L../../../../mozilla/dist/SunOS5.10_i86pc_OPT.OBJ/lib -lplc4 -lplds4
-lnspr4 -L../../../../mozilla/dist/SunOS5.10_i86pc_OPT.OBJ/lib -ldbm
-lavl -lldif -llitekey -lresolv -lsocket -lnsl -lgen -ldl -lposix4 -lw
-lthread -L../../../../mozilla/dist/SunOS5.10_i86pc_OPT.OBJ/lib
-lsvrcore -L../../../../cyrus-sasl-2.1.20/lib -lsasl2
-L../../../../db-4.2.52.NC/built/.libs -ldb-4.2
ld: warning: file libucb.so.1: required by
../../../built/release/SunOS5.10_i86pc_OPT.OBJ/bin/slapd/server/libslapd.so,
not found
Undefined first referenced
symbol in file
gss_inquire_context
../../../../cyrus-sasl-2.1.20/lib/libsasl2.a(gssapi.o)
gss_display_status
../../../../cyrus-sasl-2.1.20/lib/libsasl2.a(gssapi.o)
gss_import_name
../../../../cyrus-sasl-2.1.20/lib/libsasl2.a(gssapi.o)
GSS_C_NT_USER_NAME
../../../../cyrus-sasl-2.1.20/lib/libsasl2.a(gssapi.o)
GSS_C_NT_HOSTBASED_SERVICE
../../../../cyrus-sasl-2.1.20/lib/libsasl2.a(gssapi.o)
gss_accept_sec_context
../../../../cyrus-sasl-2.1.20/lib/libsasl2.a(gssapi.o)
gss_unwrap
../../../../cyrus-sasl-2.1.20/lib/libsasl2.a(gssapi.o)
gss_wrap
../../../../cyrus-sasl-2.1.20/lib/libsasl2.a(gssapi.o)
gss_delete_sec_context
../../../../cyrus-sasl-2.1.20/lib/libsasl2.a(gssapi.o)
gss_release_buffer
../../../../cyrus-sasl-2.1.20/lib/libsasl2.a(gssapi.o)
gss_compare_name
../../../../cyrus-sasl-2.1.20/lib/libsasl2.a(gssapi.o)
gss_display_name
../../../../cyrus-sasl-2.1.20/lib/libsasl2.a(gssapi.o)
gss_acquire_cred
../../../../cyrus-sasl-2.1.20/lib/libsasl2.a(gssapi.o)
gss_wrap_size_limit
../../../../cyrus-sasl-2.1.20/lib/libsasl2.a(gssapi.o)
gss_init_sec_context
../../../../cyrus-sasl-2.1.20/lib/libsasl2.a(gssapi.o)
gss_release_cred
../../../../cyrus-sasl-2.1.20/lib/libsasl2.a(gssapi.o)
gss_release_name
../../../../cyrus-sasl-2.1.20/lib/libsasl2.a(gssapi.o)
ld: fatal: Symbol referencing errors. No output written to
../../../built/release/SunOS5.10_i86pc_OPT.OBJ/bin/slapd/server/ns-slapd
gmake[3]: ***
[../../../built/release/SunOS5.10_i86pc_OPT.OBJ/bin/slapd/server/ns-slapd]
Error 1
gmake[3]: Leaving directory `/root/src/ldap/ldapserver/ldap/servers/slapd'
Cycus-sasl was build with the following options:
./configure --enable-gssapi --enable-static --without-des
--without-openssl --disable-shared
And yet despite being built statically, cyrus-sasl has left out the code
from libgss.so, and ldapserver isn't picking up the code from libgss.so
either, even though libgss.so is installed in /usr/lib.
Can anyone give me a clue as to what I am doing wrong?
Regards,
Graham
--
18 years, 4 months
RE: [Fedora-directory-users] Public key based authentication with Redhat Directory Server
by Tay, Gary
Pls take a look at:
OpenSSH LDAP Public Key Patch
http://www.opendarwin.org/projects/openssh-lpk/
If you have success installing and using it, pls share with us later.
Gary
-----Original Message-----
From: fedora-directory-users-bounces(a)redhat.com
[mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Jimmy
Sent: Tuesday, December 13, 2005 1:05 AM
To: fedora-directory-users(a)redhat.com
Subject: Re: [Fedora-directory-users] Public key based authentication
with Redhat Directory Server
> Jimmy wrote:
>> Hello,
>>
>> Is it possible with Redhat Directory Server to use public key
>> authentication for all our Linux based servers?.
I am looking to setup a central authentication scheme. So that all of
the technical staff can use key based authentication from a central
location.
>
> sure. have you started reading this ?.
> http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#996824
I dont think thats what im trying to do.
We want to use public key based authentication with SSH, However that
then needs to authenticate against the OS. I was wondering if there was
any built in method to do that. It appears as though I will have to
patch all of the OpenSSH daemons to make that work. However that still
leaves the server to support the keys in the structure.
>
> --Chandra
>
>> Currently we have it
>> setup individually for each system. However we would like to go to a
>> centrally managed solution to keep it easy and allow us to scale much
>> more effectivly.
>>
>> Any advice would be great.
>>
>> Regards,
>>
>> Jimmy
>>
>> --
>> Fedora-directory-users mailing list Fedora-directory-users(a)redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>
> --
> Fedora-directory-users mailing list Fedora-directory-users(a)redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
--
Fedora-directory-users mailing list Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
18 years, 4 months
