[Fedora-directory-users] Ldap api for moving entries
by Pavel 'Blaze' Vinogradov
Hello,
I am writing LdapManager in Java, using FDS 1.0.2 as the LDAP server and
the Novell jLDAP library to work with the LDAP server.
Everything works well except moving entries. I try to send an LdapModifyDNRequest
to the server, but get this answer:
Error: LDAPException: Unwilling To Perform (53) Unwilling To Perform
LDAPException: Server Message: server does not support moving of entries
LDAPException: Matched DN:
I can't find any information about support for moving entries in FDS.
Can you help me with this question?
17 years, 6 months
[Fedora-directory-users] Fedora Directory Server not allowing me to map group names
by cj
Hi all
I sent this previously, but I sent it from the wrong email address, so I think it was rejected. My apologies for that.
I have just installed Fedora 5 and installed Fedora Directory Server 1.0.2-1 and samba 3.0.21b-2.
I went through the instructions at the link below:
http://directory.fedora.redhat.com/wiki/Howto:Samba
When it came to
net groupmap add rid=512 ntgroup='Domain Admins' unixgroup='Domain Admins'
I get the following error
Can't lookup UNIX group Domain Admins
Below is the output of the net groupmap add rid=512 ntgroup='Domain Admins' unixgroup='Domain Admins' -d 4 command:
[2006/10/19 16:58:04, 3] param/loadparm.c:lp_load(4211)
lp_load: refreshing parameters
[2006/10/19 16:58:04, 3] param/loadparm.c:init_globals(1385)
Initialising global parameters
[2006/10/19 16:58:04, 3] param/params.c:pm_process(574)
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2006/10/19 16:58:04, 3] param/loadparm.c:do_section(3666)
Processing section "[global]"
doing parameter workgroup = GLENNIES
doing parameter security = user
doing parameter passdb backend = ldapsam:ldap://ldapserver.glennies.com.au
doing parameter ldap admin dn = cn=Directory Manager
doing parameter ldap suffix = dc=glennies,dc=com,dc=au
doing parameter ldap user suffix = ou=People
doing parameter ldap machine suffix = ou=Computers
doing parameter ldap group suffix = ou=Groups
doing parameter add group script = /usr/sbin/groupadd %g
doing parameter log file = /var/log/%m.log
doing parameter socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
doing parameter os level = 33
doing parameter domain logons = yes
doing parameter domain master = yes
doing parameter local master = yes
doing parameter preferred master = yes
doing parameter wins support = yes
doing parameter logon home = \\%L\%u\profiles
doing parameter logon path = \\%L\profiles\%u
doing parameter logon drive = H:
doing parameter template shell = /bin/false
doing parameter winbind use default domain = no
[2006/10/19 16:58:04, 4] param/loadparm.c:lp_load(4242)
pm_process() returned Yes
[2006/10/19 16:58:04, 2] lib/interface.c:add_interface(81)
added interface ip=192.168.200.150 bcast=192.168.200.255 nmask=255.255.255.0
Can't lookup UNIX group Domain Admins
[2006/10/19 16:58:04, 2] utils/net.c:main(878)
return code = -1
If I add Domain Admins to the file /etc/group,
I get the following error:
adding entry for group Domain Admins failed!
Below is the output of the net groupmap add rid=512 ntgroup='Domain Admins' unixgroup='Domain Admins' -d 4 command:
[2006/10/19 16:56:26, 3] param/loadparm.c:lp_load(4211)
lp_load: refreshing parameters
[2006/10/19 16:56:26, 3] param/loadparm.c:init_globals(1385)
Initialising global parameters
[2006/10/19 16:56:26, 3] param/params.c:pm_process(574)
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2006/10/19 16:56:26, 3] param/loadparm.c:do_section(3666)
Processing section "[global]"
doing parameter workgroup = GLENNIES
doing parameter security = user
doing parameter passdb backend = ldapsam:ldap://ldapserver.glennies.com.au
doing parameter ldap admin dn = cn=Directory Manager
doing parameter ldap suffix = dc=glennies,dc=com,dc=au
doing parameter ldap user suffix = ou=People
doing parameter ldap machine suffix = ou=Computers
doing parameter ldap group suffix = ou=Groups
doing parameter add group script = /usr/sbin/groupadd %g
doing parameter log file = /var/log/%m.log
doing parameter socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
doing parameter os level = 33
doing parameter domain logons = yes
doing parameter domain master = yes
doing parameter local master = yes
doing parameter preferred master = yes
doing parameter wins support = yes
doing parameter logon home = \\%L\%u\profiles
doing parameter logon path = \\%L\profiles\%u
doing parameter logon drive = H:
doing parameter template shell = /bin/false
doing parameter winbind use default domain = no
[2006/10/19 16:56:26, 4] param/loadparm.c:lp_load(4242)
pm_process() returned Yes
[2006/10/19 16:56:26, 2] lib/interface.c:add_interface(81)
added interface ip=192.168.200.150 bcast=192.168.200.255 nmask=255.255.255.0
[2006/10/19 16:56:26, 2] lib/smbldap_util.c:smbldap_search_domain_info(228)
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=GLENNIES))]
[2006/10/19 16:56:26, 2] lib/smbldap.c:smbldap_open_connection(722)
smbldap_open_connection: connection opened
[2006/10/19 16:56:26, 3] lib/smbldap.c:smbldap_connect_system(905)
ldap_connect_system: succesful connection to the LDAP server
[2006/10/19 16:56:26, 4] lib/smbldap.c:smbldap_open(969)
The LDAP server is succesfully connected
[2006/10/19 16:56:26, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2305)
ldapsam_getgroup: Did not find group
[2006/10/19 16:56:26, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2305)
ldapsam_getgroup: Did not find group
[2006/10/19 16:56:26, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2305)
ldapsam_getgroup: Did not find group
[2006/10/19 16:56:26, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2305)
ldapsam_getgroup: Did not find group
[2006/10/19 16:56:26, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2305)
ldapsam_getgroup: Did not find group
[2006/10/19 16:56:26, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2305)
ldapsam_getgroup: Did not find group
[2006/10/19 16:56:26, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2305)
ldapsam_getgroup: Did not find group
[2006/10/19 16:56:26, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2305)
ldapsam_getgroup: Did not find group
[2006/10/19 16:56:26, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2305)
ldapsam_getgroup: Did not find group
[2006/10/19 16:56:26, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2305)
ldapsam_getgroup: Did not find group
[2006/10/19 16:56:26, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2305)
ldapsam_getgroup: Did not find group
[2006/10/19 16:56:26, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2305)
ldapsam_getgroup: Did not find group
[2006/10/19 16:56:26, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2305)
ldapsam_getgroup: Did not find group
adding entry for group Domain Admins failed!
[2006/10/19 16:56:26, 2] utils/net.c:main(878)
return code = -1
I have looked on the net for the good part of this week trying to find an answer to my problem.
It seems a few other people are having a similar issue, but there are no real concrete solutions to the problem.
If anyone knows what the cause of this error is and how to fix it, it would be appreciated.
Regards
CJ
17 years, 6 months
[Fedora-directory-users] userPassword versus Password
by Dave Augustus
I have an external applet that authenticates via LDAP. However, it will
only use the userPassword attribute, not the Password attribute.
How can I tell FDS to use the Password attribute for Passwords?
Thanks,
Dave
17 years, 6 months
[Fedora-directory-users] Root changing user password
by Greg Copeland
I've quickly checked the archive and I can find people having trouble
with users changing their own password but not the other way around.
Here, users can change their own password without issue but root fails.
What do I need to do to allow root, using the passwd command on RHES 4,
to change user passwords?
I've tried setting rootbinddn in my /etc/ldap.conf file. Without an
/etc/ldap.secret file, I observe an error in my logs, complaining about
the missing ldap.secret file. When I create it, the error goes away but
the passwd command still fails with, "passwd: Authentication token
manipulation error". In the logs I can observe, "passwd[23689]:
pam_ldap: error trying to bind (Invalid credentials)." I've tried
placing the admin password in cleartext, and base64 in the ldap.secret
file.
Frankly, I'd rather root be prompted for the LDAP admin password than
the password be stored in a file anyways. Is this possible?
Best Regards,
Greg Copeland
17 years, 6 months
RE: [Fedora-directory-users] DS Gateway error
by Jo De Troy
Hi Rich,
I checked these; I see nothing strange.
I enabled debug logging in httpd.conf.
The setup is not totally default, e.g. it runs as the ldap user and not as nobody.
The admin domain is one level above the actual domain of the server.
Any idea what could be causing this error?
[Mon Oct 16 15:01:06 2006] [notice] [client 10.131.238.21]
admserv_host_ip_check: ap_get_remote_host could not resolve
10.131.238.21
[Mon Oct 16 15:01:06 2006] [debug] mod_admserv.c(2518): [client
10.131.238.21] checking user cache for: uid=admin, ou=Administrators,
ou=TopologyManagement, o=NetscapeRoot
[Mon Oct 16 15:01:06 2006] [debug] mod_admserv.c(2521): [client
10.131.238.21] user found in cache uid=admin, ou=Administrators,
ou=TopologyManagement, o=NetscapeRoot
[Mon Oct 16 15:01:06 2006] [debug] mod_admserv.c(1480): [client
10.131.238.21] admserv_check_authz: request for uri
[/admin-serv/tasks/operation/StatusPing]
[Mon Oct 16 15:01:06 2006] [debug] mod_admserv.c(1692): [client
10.131.238.21] admserv_check_authz: uri [tasks/operation/StatusPing]
did not begin with [commands/] - not a command
[Mon Oct 16 15:01:06 2006] [debug] mod_admserv.c(1741): [client
10.131.238.21] admserv_check_authz: execute CGI
[/opt/fedora-ds/bin/admin/admin/bin/statusping] args [(null)]
[Mon Oct 16 15:01:21 2006] [notice] [client 10.131.238.21]
admserv_host_ip_check: ap_get_remote_host could not resolve
10.131.238.21
[Mon Oct 16 15:01:21 2006] [debug] mod_admserv.c(2518): [client
10.131.238.21] checking user cache for: uid=admin, ou=Administrators,
ou=TopologyManagement, o=NetscapeRoot
[Mon Oct 16 15:01:21 2006] [debug] mod_admserv.c(2521): [client
10.131.238.21] user found in cache uid=admin, ou=Administrators,
ou=TopologyManagement, o=NetscapeRoot
[Mon Oct 16 15:01:21 2006] [debug] mod_admserv.c(1480): [client
10.131.238.21] admserv_check_authz: request for uri
[/admin-serv/tasks/operation/StatusPing]
[Mon Oct 16 15:01:21 2006] [debug] mod_admserv.c(1692): [client
10.131.238.21] admserv_check_authz: uri [tasks/operation/StatusPing]
did not begin with [commands/] - not a command
[Mon Oct 16 15:01:21 2006] [debug] mod_admserv.c(1741): [client
10.131.238.21] admserv_check_authz: execute CGI
[/opt/fedora-ds/bin/admin/admin/bin/statusping
Thanks again,
Jo
17 years, 6 months
Re: [Fedora-directory-users] FDS and AD
by Howard Chu
> Date: Mon, 02 Oct 2006 10:01:55 -0600
> From: Richard Megginson <rmeggins(a)redhat.com>
> Sergio Diaz wrote:
>> Hi Richard;
>>
>> Openldap:
>>
>> The *meta* backend to *slapd(8)
>> <http://docsrv.caldera.com:8457/cgi-bin/man?mansearchword=slapd&mansection=8>*
>> performs basic LDAP proxying with respect
>> to a set of remote LDAP servers, called "targets". The information
>> contained in these servers can be presented as belonging to a single
>> Directory Information Tree (DIT).
>>
>> Is it possible with FDS?
>>
> FDS has a chaining backend which allows you to use another LDAP server
> to store the data.
It sounds like the FDS chaining backend is similar to OpenLDAP back-ldap
and/or the chaining overlay. In OpenLDAP, back-ldap forwards a request to
one other server (at a time; multiple servers can be configured but the
others will only be used if the first server cannot be contacted). The
back-meta backend is a superset of back-ldap; it can fan out single
requests to multiple servers in parallel and aggregate the results.
(There's also attribute mapping and DN rewriting, but those capabilities
are no longer unique to back-meta, having been moved into the rewrite
overlay.) With these modules you can stitch together a variety of
heterogeneous directories into a coherent virtual directory.
>> Regards!!
>> Sergio
>>
>>
>>
>> On Mon, 2006-10-02 at 07:25 -0600, Richard Megginson wrote:
>>> Sergio Diaz wrote:
>>>> Hi People,
>>>>
>>>> Is it possible to sync only one way?
>>>>
>>>> Users Windows AD -> FDS.
>>> No, not really.
>>>> Or the other scenario: OpenLDAP has a meta backend (2 LDAPs,
>>>> 1 AD); is that possible with FDS?
>>> It's possible. What does the meta backend do?
>>>>
>>>> Regards,
>>>> Sergio
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
17 years, 6 months
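The back-ldap versus back-meta difference described in the message above, sketched as a slapd.conf fragment for the "2 LDAPs, 1 AD" scenario (an added example, not part of the original message; all host names, suffixes and the ou=ldap1/ou=ldap2/ou=ad layout are assumptions):

```conf
# --- back-ldap: one proxy database, failover only ------------------
# Both URIs serve the SAME data. A request goes to a single server;
# the second URI is used only when the first cannot be contacted.
# (Host names and suffixes here are placeholders.)
database        ldap
suffix          "dc=example,dc=com"
uri             "ldap://ldap1.example.com ldap://ldap2.example.com"

# --- back-meta: several targets presented as one DIT ---------------
# Each "uri" line starts a new target. A search based at the database
# suffix is fanned out to every target and the results are merged.
database        meta
suffix          "dc=virtual,dc=example"

# Target 1: first LDAP server, mounted under ou=ldap1
uri             "ldap://ldap1.example.com/ou=ldap1,dc=virtual,dc=example"
# Rewrite DNs between the virtual naming context and the real one
suffixmassage   "ou=ldap1,dc=virtual,dc=example" "dc=one,dc=example,dc=com"

# Target 2: second LDAP server, mounted under ou=ldap2
uri             "ldap://ldap2.example.com/ou=ldap2,dc=virtual,dc=example"
suffixmassage   "ou=ldap2,dc=virtual,dc=example" "dc=two,dc=example,dc=com"

# Target 3: Active Directory, mounted under ou=ad
uri             "ldap://ad.corp.example.com/ou=ad,dc=virtual,dc=example"
suffixmassage   "ou=ad,dc=virtual,dc=example" "cn=Users,dc=corp,dc=example,dc=com"
```

A client searching dc=virtual,dc=example through the meta database sees entries from all three servers under one tree, whereas the ldap database above only ever answers from one server at a time.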