[Fedora-directory-users] Multimaster Replication Behind a Load Balancer
by Dave Augustus
Hello All.
I want to have 2 hosts that are set up to do multimaster between
themselves. Because my application only allows for a single server entry,
I want to put both of these behind Linux Virtual Server director, which
is a load-balancer that I use for other services currently. With this
configuration, I can have either LDAP server go down and my application
won't break.
The load balancer requires that I tell the LDAP servers to not respond
to arp requests so that the load balancer can. So how can the LDAP
servers communicate with each other for updates? I looked for some
information on how to make the LDAP servers use more than one IP for
LDAP but could find no answer.
Thanks for your time,
Dave
17 years, 4 months
[Fedora-directory-users] Trouble upgrading 1.0.2 -> 1.0.4 w/ SSL-enabled configuration directory server
by Jeremy Thornhill
We have a single supplier / multiple replica setup, using SSL. The supplier
is configured as the "Configuration Directory Server" and clients are
configured accordingly. I attempted to upgrade one of the replicas in
accordance with the release notes (i.e. Upgrade the RPM, restart the server,
run /opt/fedora-ds/setup/setup).
Setup proceeds as expected until the point where the application prompts for
the admin password. This is the text of the dialogue:
> In order to reconfigure your installation, the Configuration Directory
> Administrator password is required. Here is your current information:
>
> Configuration Directory: ldaps://<myldapmaster>.<mydomain>:636/o=NetscapeRoot
> Configuration Administrator ID: admin
>
> At the prompt, please enter the password for the Configuration Administrator.
>
> Fedora configuration directory server
> administrator ID [admin]:
> Password:
Regardless of what information is entered, the application seems to hang,
and does not display any new information or prompts after this point.
Curious, I tried disabling SSL on the upgraded replica's admin server config
by editing the following files (the information at this url pointed me in
the right direction:
http://directory.fedora.redhat.com/wiki/Howto:AdminServerLDAPMgmt):
/opt/fedora-ds/admin-serv/config/adm.conf
/opt/fedora-ds/shared/config/dbswitch.conf
Disabling ssl in these locations and re-running setup resulted in success.
Once the upgrade was complete, I shut the server down and re-enabled ssl -
everything worked swimmingly thereafter.
Now, we've been using ssl successfully for pretty much everything with no
issue (certs all distributed and everything working fine), so I'm not sure
why this is failing. Is this perhaps a bug in setup? Is there something
else I need to be doing to have SSL work for the setup application? It's
ultimately not a huge issue since it can be worked around, but it took a
good chunk of time for me to track down the problem.
Thanks,
Jeremy Thornhill
System administrator
jeremy.thornhill(a)motricity.com
17 years, 4 months
Re: [Fedora-directory-users] AD + FDS sync stops working?
by Dan Oglesby
I tried the following:
In windows registry->HKLM->Software->PasswordSync, try add string value Log
Level and set it to 1. Restart the passsync service. This should log
all transactions and errors. Turn this back to "0" and restart passsync
after troubleshooting.
All I see in the log is this:
11/30/06 09:12:58: begin log
11/30/06 09:12:59: 0 new entries loaded from file
11/30/06 09:14:20: 0 new entries loaded from file
11/30/06 09:14:20: 0 entries saved to file
11/30/06 09:14:20: end log
11/30/06 09:14:22: begin log
11/30/06 09:14:22: 0 new entries loaded from file
That's after restarting the passsync service twice, and changing a user's
password in AD four times.
--Dan
17 years, 4 months
[Fedora-directory-users] store image or path to the image
by patrick ndjientcheu ngandjui
hi,
I would like to store photos of people in my directory. But I don't know if it is better to store the binary image or just the path to the image. If it is the first option which is the better choice, which type should I choose for the photo attribute?
Thanks.
17 years, 4 months
[Fedora-directory-users] Memory usage
by Michał Droździewicz
Hello,
I've installed FDS 1.0.4 on a test system with only 256MiB of RAM. Now I
want to test performance, and when I started to query FDS with
ldapsearch on my full LDAP tree the load of the Linux box rose to 12 but
FDS memory usage stays at 90-110MiB of RAM, even though I've
added RAM and the Linux box now has 2048MiB. Is there any option to set for
FDS so that it uses more RAM for cache or some other purpose?
--
xmpp/email: koniczynek(a)uaznia.net
xmpp/email: koniczynek(a)gmail.com
17 years, 4 months
[Fedora-directory-users] Upgrade from 1.0.1 to 1.0.4 problems (admserver10.jar not found)
by Clayton Rogers
Hi all,
I just ran an rpm -Uvh fedora-ds-1.0.4-1.RHEL4.i386.opt.rpm on an
existing 1.0.1 installation. Everything worked fine except that the
Fedora Administration console comes up with the following error when I
click on Administration Server:
* Installing Server Components
* Downloading admserver10.jar
* Failed to install a local copy of admserv10.jar or one of its
support files:
* admserv10.jar not found at http://server.domain:51211/
Any help greatly appreciated.
Cheers
--
Clayton Rogers <mailto:clayton@bundaberg.qld.gov.au>
Systems Administrator
Bundaberg City Council <http://www.bundaberg.qld.gov.au/>
Phone: (07) 41539236
Fax: (07) 41529155
17 years, 4 months
[Fedora-directory-users] Which is better - attribute of type dn or multivalued attribute?
by Ankur Agarwal
Hi,
In our schema we need to have users who will belong to multiple groups. These groups are independent groups and do not have any parent-child relationship. So while defining the ObjectClass for my user I have two options:
1) Have an attribute called - isMemberOf and make it of type distinguishedName. This will be a list of all groups to which a user belongs.
2) Have a multivalued attribute - groupName.
Which option makes more sense? Assume the functionalities that I need to support are:
1) Search all users belonging to a group
2) edit a user to add/remove a group from profile
3) Delete all the users belonging to a group
regards,
Ankur
17 years, 4 months
FW: [Fedora-directory-users] Extracting details from ActiveDirectoryto FDS
by Paxton, Darren
Apologies for mailing yet again, however either my messages are not
getting through (something I don't believe as I keep getting the post to
the mailing list) - or for some reason, no one is willing to even
acknowledge my issue.
In the spirit of the community - can someone at least acknowledge a
message as I find it quite disheartening that I have had no replies at
all even if just to point me somewhere for assistance.
________________________________
From: fedora-directory-users-bounces(a)redhat.com
[mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Paxton,
Darren
Sent: 30 November 2006 08:46
To: General discussion list for the Fedora Directory server project.
Subject: RE: [Fedora-directory-users] Extracting details from
ActiveDirectoryto FDS
Hi
Has anyone had any thoughts on my query or can point me in the right
direction?
As is the nature of AD, I would have thought it is possible to extract
this information using a scope setting or something similar.
Thanks
Darren
________________________________
From: fedora-directory-users-bounces(a)redhat.com
[mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Paxton,
Darren
Sent: 24 November 2006 14:56
To: fedora-directory-users(a)redhat.com
Subject: [Fedora-directory-users] Extracting details from Active
Directoryto FDS
Hi all,
I've been tinkering with integrating our Linux devices into our
AD domain for some time and I've hit a few brick walls, however I've
recently discovered FDS and the synchronisation features with AD.
I've managed to set up a few replication jobs, however due to
the extensive nature of our AD, I've realised that the sync only takes
the group and user objects from the OU or CN being specified.
Is there any way I can specify that it should traverse all
subtrees of an OU and extract all that information back into FDS?
Thanks
Darren
--
Darren Paxton
EMEA Tier2
Red Hat Certified Engineer
VMware Certified Professional
MGTI Centralised ops
17 years, 5 months
[Fedora-directory-users] RE: Fedora-directory-users Digest, Vol 19, Issue 1
by t b
My logs seem to indicate that the connection is being encrypted; I can ssh
to a client server and get the password prompt, but when I enter the
password it just returns me to the password prompt again.
[01/Dec/2006:19:47:44 -0500] conn=650 fd=69 slot=69 connection from xxx.xxx.xxx.xxx to xxx.xxx.xxx.xxx
[01/Dec/2006:19:47:44 -0500] conn=650 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[01/Dec/2006:19:47:44 -0500] conn=650 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[01/Dec/2006:19:47:44 -0500] conn=650 SSL 256-bit AES
[01/Dec/2006:19:47:44 -0500] conn=650 op=1 UNBIND
[01/Dec/2006:19:47:44 -0500] conn=650 op=1 fd=69 closed - U1
If I disable TLS everything works fine; the client server can query the FDS
and auth the client properly.
I am not sure if the problem has to do with the pam_ldap not being properly
formatted or the cert file not being in the proper format.
Does anyone have an example of what the pam_ldap config should look like, or
suggestions on checking whether the cert file is in the proper format?
Also, what's the UNBIND shown in the logs?
Thanks
>From: fedora-directory-users-request(a)redhat.com
>Reply-To: fedora-directory-users(a)redhat.com
>To: fedora-directory-users(a)redhat.com
>Subject: Fedora-directory-users Digest, Vol 19, Issue 1
>Date: Fri, 1 Dec 2006 12:00:06 -0500 (EST)
>
>----------------------------------------------------------------------
>
>Message: 1
>Date: Thu, 30 Nov 2006 12:31:50 -0500
>From: "t b" <mxheadroom(a)hotmail.com>
>Subject: [Fedora-directory-users] pam_ldap with SSL/TLS
>To: fedora-directory-users(a)redhat.com
>Message-ID: <BAY116-F322745E96D702ED748B1D0CDDB0(a)phx.gbl>
>Content-Type: text/plain; format=flowed
>
>I am trying to setup pam_ldap to use TLS to communicate with the FDS, but
>having lots of problems doing so; it works if I use the unencrypted way but
>not if I use ldaps ( port 636 )
>
>I used the instructions at,
>http://directory.fedora.redhat.com/wiki/Howto:PAM
>
>Has anyone gotten PAM to work TLS
>
>
>Thanks
>
>------------------------------
>
>Message: 2
>Date: Thu, 30 Nov 2006 13:00:56 -0500
>From: "Morris, Patrick" <patrick.morris(a)hp.com>
>Subject: RE: [Fedora-directory-users] pam_ldap with SSL/TLS
>To: "General discussion list for the Fedora Directory server project."
> <fedora-directory-users(a)redhat.com>
>Message-ID:
> <CD18C81835E18A40A64C4A0D16A237BE05FE850D(a)ATAEXC01.americas.cpqcorp.net>
>
>Content-Type: text/plain; charset="US-ASCII"
>
> > I am trying to setup pam_ldap to use TLS to communicate with
> > the FDS, but having lots of problems doing so; it works if I
> > use the unencrypted way but not if I use ldaps ( port 636 )
>
>Someone should jump in here and correct me if I'm wrong, but I believe
>it's normal for TLS connections to happen on the standard LDAP port.
>You should be able to tell from your logs whether the connection is
>encrypted or not.
>
>
>
>------------------------------
>
>Message: 3
>Date: Thu, 30 Nov 2006 11:08:08 -0700
>From: Richard Megginson <rmeggins(a)redhat.com>
>Subject: Re: [Fedora-directory-users] pam_ldap with SSL/TLS
>To: "General discussion list for the Fedora Directory server project."
> <fedora-directory-users(a)redhat.com>
>Message-ID: <456F1E08.40601(a)redhat.com>
>Content-Type: text/plain; charset="iso-8859-1"
>
>Morris, Patrick wrote:
> >> I am trying to setup pam_ldap to use TLS to communicate with
> >> the FDS, but having lots of problems doing so; it works if I
> >> use the unencrypted way but not if I use ldaps ( port 636 )
> >>
> >
> > Someone should jump in here and correct me if I'm wrong, but I believe
> > it's normal for TLS connections to happen on the standard LDAP port.
> > You should be able to tell from your logs whether the connection is
> > encrypted or not.
> >
>Yes. The LDAP "preferred" way is to use the startTLS extended operation
>which starts a TLS session on the non-secure port. This will be logged
>in the access log.
17 years, 5 months
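The access-log pattern discussed in this thread (a successful startTLS extended operation, an encrypted session, then UNBIND with no BIND) can be picked out mechanically. The following is an added example, not code from any poster or from the Fedora DS project; the sample log is constructed in the format quoted above, with conn=651, the addresses and the bind DN invented for contrast, and `summarize` and `tls_without_bind` are hypothetical helper names.

```python
import re
from collections import defaultdict

# Constructed sample in the access-log format quoted in the thread (unwrapped).
# conn=651, the 192.0.2.x addresses and the bind DN are invented for contrast.
SAMPLE_LOG = """\
[01/Dec/2006:19:47:44 -0500] conn=650 fd=69 slot=69 connection from 192.0.2.10 to 192.0.2.1
[01/Dec/2006:19:47:44 -0500] conn=650 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[01/Dec/2006:19:47:44 -0500] conn=650 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[01/Dec/2006:19:47:44 -0500] conn=650 SSL 256-bit AES
[01/Dec/2006:19:47:44 -0500] conn=650 op=1 UNBIND
[01/Dec/2006:19:47:44 -0500] conn=650 op=1 fd=69 closed - U1
[01/Dec/2006:19:48:02 -0500] conn=651 fd=70 slot=70 connection from 192.0.2.10 to 192.0.2.1
[01/Dec/2006:19:48:02 -0500] conn=651 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[01/Dec/2006:19:48:02 -0500] conn=651 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[01/Dec/2006:19:48:02 -0500] conn=651 SSL 256-bit AES
[01/Dec/2006:19:48:02 -0500] conn=651 op=1 BIND dn="uid=jdoe,ou=People,dc=example,dc=com" method=128 version=3
[01/Dec/2006:19:48:02 -0500] conn=651 op=1 RESULT err=0 tag=97 nentries=0 etime=0
[01/Dec/2006:19:48:02 -0500] conn=651 op=2 UNBIND
"""

LINE_RE = re.compile(r"^\[[^\]]+\] conn=(\d+) (.*)$")
STARTTLS_OID = "1.3.6.1.4.1.1466.20037"  # startTLS extended operation

def summarize(log_text):
    """Return {conn: flags} recording what each connection did."""
    conns = defaultdict(
        lambda: dict(starttls=False, encrypted=False, bind=False, unbind=False))
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # wrapped or foreign line
        state, rest = conns[int(m.group(1))], m.group(2)
        if f'EXT oid="{STARTTLS_OID}"' in rest:
            state["starttls"] = True
        elif re.match(r"(SSL|TLS)\b", rest):
            state["encrypted"] = True   # cipher line, e.g. "SSL 256-bit AES"
        elif re.match(r"op=\d+ BIND ", rest):
            state["bind"] = True
        elif re.match(r"op=\d+ UNBIND", rest):
            state["unbind"] = True
    return dict(conns)

def tls_without_bind(log_text):
    """Connections that negotiated TLS and then left without sending a BIND."""
    return sorted(c for c, s in summarize(log_text).items()
                  if s["encrypted"] and s["unbind"] and not s["bind"])
```

A connection in the result reached an encrypted session on the server, but the server never received an authentication attempt on it.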