[Fedora-directory-users] PAM passthru questions and SecureID
by Chris Maresca
All,
I've been looking longingly at the PAM pass-through module as it would
give us access to capabilities we've wanted for a while. I've looked at
the README, but I still have a few questions.
1. Is it possible to specify PAM as the authentication on a per-account
basis?
2. Is it possible to specify authentication escalation on failure on a
per account basis?
3. Has anyone deployed it in a production environment?
If so, what type(s) of PAM auth did you use?
Also, if anyone has any successful examples of using two-factor
authentication tokens (specifically either SecureID or CryptoCard, but
also others), I would love to hear about them. It seems that none of
the vendors providing token-based support LDAP as a primary user info
repository directly, which is odd, to say the least.
I'd like to add that compared to OpenLDAP, Fedora DS is a breath of
fresh air. Thanks for making it available.
Chris.
--
Chris Maresca
Olliance Group, LLC
www.olliancegroup.com
17 years, 5 months
[Fedora-directory-users] fedora-ds-1.0.3 problem: too many fds open
by Sergey Ivanov
Hi,
I have a new issue with fedora-ds today.
The server is running 64-bit Redhat with kernel 2.6.9-1.681_FC3smp. It
is used for network authentication and for other purposes, and this
morning authentication was broken. I restarted
slapd-instance locally on the server, and everything has worked fine
since then. In the logs: there were no records in the access log from 08:04 until
after the restart. In the error log these lines are repeated again
and again; the previous entry before them relates to an event 6 days before this:
---
[08/Nov/2006:08:18:01 -0500] - Not listening for new connections - too many fds open
[08/Nov/2006:08:18:01 -0500] - Listening for new connections again
[08/Nov/2006:08:18:01 -0500] - Not listening for new connections - too many fds open
[08/Nov/2006:08:18:01 -0500] - Listening for new connections again
[08/Nov/2006:08:18:01 -0500] - Not listening for new connections - too many fds open
[08/Nov/2006:08:18:01 -0500] - Listening for new connections again
[08/Nov/2006:08:18:01 -0500] - Not listening for new connections - too many fds open
[08/Nov/2006:08:18:01 -0500] - Listening for new connections again
[08/Nov/2006:08:18:22 -0500] - Not listening for new connections - too many fds open
[08/Nov/2006:08:18:23 -0500] - Listening for new connections again
[08/Nov/2006:08:19:01 -0500] - Not listening for new connections - too many fds open
[08/Nov/2006:08:19:01 -0500] - Listening for new connections again
[08/Nov/2006:08:19:03 -0500] - Not listening for new connections - too many fds open
[08/Nov/2006:08:19:03 -0500] - Listening for new connections again
[08/Nov/2006:08:19:03 -0500] - Not listening for new connections - too many fds open
[08/Nov/2006:08:19:03 -0500] - Listening for new connections again
[08/Nov/2006:08:19:03 -0500] - Not listening for new connections - too many fds open
[08/Nov/2006:08:19:03 -0500] - Listening for new connections again
[08/Nov/2006:08:19:22 -0500] - Not listening for new connections - too many fds open
...
...
---
# sysctl -a |grep fs\.file
fs.file-max = 101314
fs.file-nr = 4695 0 101314
and no manually inserted adjustment for ulimit for fedora-ds.
Nothing interesting I can find in /var/log/messages.
Can anybody help me understand what has happened and how to prevent this in the future?
--
With best regards,
Sergey
17 years, 5 months
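An added example, not part of the original post and not Fedora DS code: a small parser for the errors-log format quoted above that counts "too many fds open" events per minute and reports whether the listener was still refusing connections at the end of the log. The sample lines are abridged from the post; the function name and the threshold parameter are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Sample input: abridged from the error-log lines quoted in the post above.
SAMPLE_LOG = """\
[08/Nov/2006:08:18:01 -0500] - Not listening for new connections - too many fds open
[08/Nov/2006:08:18:01 -0500] - Listening for new connections again
[08/Nov/2006:08:18:01 -0500] - Not listening for new connections - too many fds open
[08/Nov/2006:08:18:01 -0500] - Listening for new connections again
[08/Nov/2006:08:18:22 -0500] - Not listening for new connections - too many fds open
[08/Nov/2006:08:18:23 -0500] - Listening for new connections again
[08/Nov/2006:08:19:01 -0500] - Not listening for new connections - too many fds open
[08/Nov/2006:08:19:01 -0500] - Listening for new connections again
[08/Nov/2006:08:19:22 -0500] - Not listening for new connections - too many fds open
"""

LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] - (?P<msg>.*)$")
EXHAUSTED = "Not listening for new connections - too many fds open"
RESUMED = "Listening for new connections again"
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def fd_exhaustion_report(log_text, threshold=3):
    """Hypothetical helper: count fd-exhaustion events per minute and flag
    minutes with at least `threshold` events."""
    per_minute = Counter()
    refusing = False  # listener state after the last relevant line
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or unrelated lines
        msg = m.group("msg")
        if msg == EXHAUSTED:
            ts = datetime.strptime(m.group("ts"), TS_FORMAT)
            per_minute[ts.strftime("%Y-%m-%d %H:%M")] += 1
            refusing = True
        elif msg == RESUMED:
            refusing = False
    flagged = sorted(k for k, n in per_minute.items() if n >= threshold)
    return {"per_minute": dict(per_minute), "flagged": flagged,
            "still_refusing": refusing}


if __name__ == "__main__":
    print(fd_exhaustion_report(SAMPLE_LOG))
```

Run against the live errors log on a schedule, a flagged minute or a `still_refusing` result is an early signal that the authentication service is about to stop accepting binds.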
[Fedora-directory-users] Missing Objectclasses in a Default install of 1.0.3
by Eric Brown
When I install 1.0.3, use the default values for setting it up, and
start it, the following messages are displayed.
[08/Nov/2006:10:51:44 -0600] - Entry "cn=encryption,cn=config" required attribute "objectclass" missing
[08/Nov/2006:10:51:45 -0600] - Entry "cn=config" required attribute "objectclass" missing
[08/Nov/2006:10:51:45 -0600] - Entry "cn=config" required attribute "objectclass" missing
[08/Nov/2006:10:51:45 -0600] - Entry "cn=encryption,cn=config" required attribute "objectclass" missing
I have not added or removed anything from the default schema files and
I can't find a message that tells me what object classes are missing.
Any ideas on where to look for more detailed information on these
errors or why they are appearing in the first place?
Thanks.
17 years, 5 months
[Fedora-directory-users] Trouble upgrading to Fedora Directory Server 1.0.3
by Gordon May
I apologize if you've already received this message but I wasn't sure
if it actually got sent out.
Hi,
Has anyone successfully upgraded their version of FDS to ver. 1.0.3? I
tried upgrading to the newest version yesterday afternoon and halfway
through the upgrade process got the following errors:
Fatal Slapd ERROR: Could not update Directory Server Instance<br>URL
ldap://ldap.example.com:389/o=NetscapeRoot user id admin DN
cn=slapd-example,cn=Fedora Directory Server,cn=Server Group,cn=
ldap.example.com,ou=example.com,o=NetscapeRoot (19:Constraint
violation)
Configuring Administration Server...
InstallInfo: Apache Directory "ApacheDir" is missing.
Restarting Directory Server: /opt/fedora-ds/slapd-example/start-slapd
Server failed to start !!! Please check errors log for problems
After the upgrade failed I was able to get the slapd server running
again by changing the owner of the config and logs directories to the
ldap user. However, I'm unable to get the admin console working and
believe the cause of the problem is related to the above errors.
The steps I used to upgrade the server are as follows:
1. rpm -Uvh fedora-ds-1.0.3-1.FC5.i386.opt.rpm
2. Then I ran /opt/fedora-ds/setup/setup
Any help would be appreciated.
Gord
17 years, 5 months
[Fedora-directory-users] Referral/Chaining question
by Ankur Agarwal
Hi,
We have 2 existing directory services set up with different schemas:
1) Active Directory
2) iPlanet LDAP
Now we want to introduce a third one (Fedora LDAP) where we want to use referral/chaining features to send requests to these already existing servers. We would really appreciate your answers on:
1) Can we modify/update Active Directory data and iPlanet data with the application interfacing only with the new Fedora LDAP, which will dispatch requests to these servers? Or can referral/chaining be used only for querying other LDAP servers?
2) Can referral/chaining be set up across Active Directory and Fedora with them having different schemas? Similarly between iPlanet and Fedora?
3) If we want to migrate data from iPlanet to Fedora (having a different schema on Fedora), are there any issues we must be aware of, and any best practices?
Thanks,
Ankur
17 years, 5 months
[Fedora-directory-users] {CRYPT} or {crypt}
by basile
hi
we have a fedora directory server in which there are stored passwords
{CRYPT}hdfflkdf and others {crypt}bqbqsbqsd
no problem for ldap but there is a radius server which authenticates
users through ldap and which is case sensitive
is there a recommendation to use CRYPT or crypt?
thanks
basile
17 years, 5 months
[Fedora-directory-users] Trouble upgrading to Fedora Directory Server 1.0.3
by Gordon May
Hi,
Has anyone successfully upgraded their version of FDS to ver. 1.0.3? I tried
upgrading to the newest version yesterday afternoon and halfway through the
upgrade process got the following errors:
Fatal Slapd ERROR: Could not update Directory Server Instance<br>URL
ldap://ldap.example.com:389/o=NetscapeRoot user id admin DN
cn=slapd-example,cn=Fedora Directory Server,cn=Server
Group,cn=ldap.example.com,ou=example.com,o=NetscapeRoot (19:Constraint
violation)
Configuring Administration Server...
InstallInfo: Apache Directory "ApacheDir" is missing.
Restarting Directory Server: /opt/fedora-ds/slapd-example/start-slapd
Server failed to start !!! Please check errors log for problems
After the upgrade failed I was able to get the slapd server running again by
changing the owner of the config and logs directories to the ldap user.
However, I'm unable to get the admin console working and believe the cause
of the problem is related to the above errors.
The steps I used to upgrade the server are as follows:
1. rpm -Uvh fedora-ds-1.0.3-1.FC5.i386.opt.rpm
2. Then I ran /opt/fedora-ds/setup/setup
Any help would be appreciated.
Gord
17 years, 5 months
[Fedora-directory-users] Version numbers
by Jason Russler
This is, in a way, entirely inconsequential from a functional
stand-point but:
I performed an upgrade from 1.0.2 to 1.0.3. The upgrade went fine
(except the permissions on ~/slapd-blah/config and ~/slapd-blah/logs had
to be changed back to what they were supposed to be) but when I start the
console it shows a directory server version number of 1.0.2. Where is
it getting that? /opt/fedora-ds/bin/slapd/server/ns-slapd shows
Fedora-Directory/1.0.3 B2006.303.1845.
17 years, 5 months