[Fedora-directory-users] Replication multiple suffixes
by Jo De Troy
Hello,
I was wondering what the best way to setup multi-master replication was when
multiple suffixes exist on each supplier.
Should we first setup each supplier with the same root suffix in the
userRoot DB, then setup replication. Then create the 2nd suffix in a
separare database and setup replication for this suffix ...
I'm currently trying to use the mmr script to setup replication without succes.
I have 2 Fedora DS servers running each with a different suffix in
their userRoot and would like to setup replication te each other.
Thanks in advance,
Jo
16 years, 11 months
[Fedora-directory-users] Is it possible to use events to create homedirs when user entry is created or deleted?
by Kimmo Koivisto
Hello
I have small environment with one FDS server and one application
server, both RHEL4ES. FDS server provides ldap authentication and home
directories for app server with ldap and nfs.
I administrate users and groups with phpldapadmin or windows based
ldapadmin, everything is working fine.
When I add new user to the FDS, I have to create home directory for
that user manually, set permissions and copy /etc/skel files.
I would like to do home directory administration tasks automatically
when user is added or deleted from FDS.
One solution (I don't like this) is that I use some command line ldap
capable adduser instead of ldapadmin or phpldapadmin.
Does FDS have any event support that I could use or are there any
existing solutions for this problem?
Best Regards
Kimmo Koivisto
17 years
[Fedora-directory-users] Problems Setting up 1.0.3
by Steve Rigler
I'm attempting to install 1.0.3 on an x86_64 machine running CentOS 4.4.
Once the rpm is installed, I run the setup script, answer the questions
and then the setup script does nothing (currently it's sitting at a
screen that says "Fedora Project Directory Installation/Uninstallation"
and nothing else).
I can see the following processes:
root 4916 4820 0 11:07 pts/0 00:00:00 /bin/sh /opt/fedora-
ds/setup/setup
root 5004 4916 0 11:07 pts/0 00:00:00 ./ns-config -
f /tmp/setupyd4964 -l /tmp/logMS4919 -m 3
I'm not sure what else to look for at this point. I had previously been
running 1.0.2 on this machine without any issues.
Thanks,
Steve
17 years, 1 month
[Fedora-directory-users] Trouble getting windows to talk to fds
by Bliss, Aaron
Hi everyone,
I'm having trouble with the directions in the wiki that deals with
getting windows to sync with fds; I'm having trouble with this step;
there are 2 files in my /opt/fedora-ds/alias file; 1 is the cert
database, the other is the key database; are either of these the
parameters that I'm suppose to be passing the -P option below? Thanks
for your help.
Aaron
* From your Fedora Directory Server, export the server certificate
using pk12util.
cd "/opt/fedora-ds/alias/"
pk12util -d . -P slapd-<instance> -o servercert.p12 -n Server-Cert
Confidentiality Notice:
The information contained in this electronic message is intended for the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of this message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication in error, please notify the sender immediately by telephone and destroy the copies you received.
17 years, 1 month
[Fedora-directory-users] Upgrade from 7.1-2 to 1.0.3
by Aaron Cline
It would seem that my LDAP is up and running but I'm still trying to finish
the upgrade process as outlined here:
http://directory.fedora.redhat.com/wiki/Install_Guide#Upgrading_from_the_...
Specifically I'm told to run the following commands:
cd /opt/fedora-ds/slapd-yourhost
./db2ldif -U -s o=netscaperoot -o /tmp/nsroot.ldif
After doing the above command, I get the following error:
[root@low-mgt-101 slapd-low-mgt-101]# ./db2ldif -U -s o=netscaperoot -o
/tmp/nsroot.ldif
usage: ns-slapd db2ldif -D instancedir [-n backend-instance-name] [-d
debuglevel] [-N] [-a outputfile] [-r] [-C] [{-s includesuffix}*] [{-x
excludesuffix}*] [-u] [-U] [-m] [-M] [-E]
Note: either "-n backend_instance_name" or "-s includesuffix" is required.
Can someone help me out?
Thanks,
Aaron
17 years, 1 month
[Fedora-directory-users] password change vs password reset
by Jo De Troy
Hello,
I was wondering if FedoraDS makes a difference between a password
reset (by an admin) and a password change (by an end user).
Does this translate in different behaviour wrt password policies
(minimum age of a password)?
Which command should be used to get the different behaviour?
What I'm looking for is to allow and admin to reset a user's password
whenever but at the same time let the enduser only modify his password
once a day.
Would ldappasswd have different behaviour depending on the binddn being used?
Thanks in advance,
Jo
17 years, 1 month
[Fedora-directory-users] RPM/SRPM issues and old RHEL
by Oliver Hookins
Hi there,
I'm trying to get started testing out Fedora Directory Server with the
goal of replacing our OpenLDAP infrastructure. Most of our servers are
RHEL3/4 so there are no big issues there since there are already
prepackaged binary RPMS for those platforms.
But we do have two RHEL2.1 server which we will definitely need packages
for in order to do any migration to FDS. Upgrading these servers to
RHEL3/4 is not an option. Looking at the spec file of the SRPM from
RHEL3 it seems like dependencies won't be a problem, the spec file
itself is a mess and doesn't come close to building everything (which I
understand is a work in progress).
So my questions are: has anyone got FDS running well on RHEL2.1 (either
by compiling directly from source, shoehorning the RPM from RHEL3 or
building the RPM from the SRPM)? Has anyone written their own spec file
from scratch to build FDS in its entirety from sources? I also wanted to
change the installation prefix from /opt so getting a working and
complete spec file would be very desirable.
--
Regards,
Oliver Hookins
Anchor Systems
17 years, 1 month
[Fedora-directory-users] Question on enabling ssl passync between windows and fds
by Bliss, Aaron
Hi everyone,
I'm attempting to get password synchronization to work between fds and
active directory; per the following document
http://directory.fedora.redhat.com/wiki/Howto:WindowsSync#Test_to_make_s
ure_you_can_talk_SSL_from_Fedora_Directory_to_AD , I now have my AD box
listening on port 636 as outlined in the section "With TinyCA2"; I have
also installed a certificate for the fds box as prescribed here
http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#1085091
including the section marked "Trust the Cerficate Authority"; my
question is, since both the AD box and FDS box trust my certificate
authority setup with tinyCA, I believe then each box would inherently
trust each other's certificates? If so, have I already achieved the
steps listed below the section marked "Enabling SSl for PASSSync" in the
first document above, or do I still need to proceed with that section
even though the AD box and FDS box have certificates signed from the
same root CA? Thanks very much for your help with this.
Aaron
Confidentiality Notice:
The information contained in this electronic message is intended for the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of this message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication in error, please notify the sender immediately by telephone and destroy the copies you received.
17 years, 1 month
[Fedora-directory-users] password reset and policies
by Jo De Troy
Hello,
I was wondering which command I need to use via Perl to be able to
reset a user's password when the user him/her self cannot reset
his/her password because of the password policy (min age 1 day) I have
noticed that when executing the ldappasswd command as Drrectory
Manager I cannot reset the password.
Can FedoraDS see the difference between a password reset (by an
administrator) and a change (by an enduser)? Which command should I
use as admin from a perl script to get this kind of behaviour?
Thanks again,
Jo
17 years, 1 month
