[Fedora-directory-users] problems after server rename
by Ulli Horlacher
My boss forced me to rename the server hostname (I KNOW this is a stupid
idea, but ...) and now I have the following situation:
lanldap4:/opt/fedora-ds# ./start-admin
lanldap4:/opt/fedora-ds# tail admin-serv/logs/error
[Wed Feb 15 14:53:42 2006] [crit] mod_admserv_post_config(): unable to build user/group LDAP server info: unable to set User/Group baseDN
Configuration Failed
The admin server is not running and I cannot connect with startconsole.
I suppose I have to change some configs (in
/opt/fedora-ds/admin-serv/config ?) but which ones?
--
-- Ullrich Horlacher --------------------- mailto:framstag@belwue.de --
BelWue Coordination phone: +49 711 685 5872
University of Stuttgart fax: +49 711 678 8363
-- Allmandring 3A, 70550 Stuttgart, Germany -- http://www.belwue.de/ --
18 years, 2 months
[Fedora-directory-users] Non Leaf Object
by Jim Summers
Hello List,
While working with some scripts for my development ldap, I was trying
to remove the ou=People and got the following error:
ldap_delete: Operation not allowed on non-leaf (66)
The ldif file has two basic lines in it:
------
dn: ou=People,dc=xxx,dc=xxx,dc=xxx
changetype: delete
------
I have used this same syntax to drop other ou's in the tree. So I
wasn't sure why this ou is considered a non-leaf?? Or honestly I am not
sure what a leaf is, in regards to ldap? Any good reading material?
I could delete each entry in the People container and then re-populate,
but that seems like a noisy way of doing things in regards to the multi
master replicas I have running.
Q. Why am I doing this?
A. I am temporarily manually sync'ing a production iplanet 5.1 ldap. I
had thought about trying the multi-master scripts from the HOW-TO's but
I was a little hesitant. Hopefully by this summer I will be fully
migrated over to the FDS-ldap.
Ideas / suggestions?
--
Jim Summers
School of Computer Science-University of Oklahoma
-------------------------------------------------
18 years, 2 months
[Fedora-directory-users] Samba integration
by Felipe Alfaro Solana
Hello,
I have seen Fedora Directory Server console has support for "NT User"
attributes when creating a new user in the directory. However, it
seems that enabling the "NT User" capability uses an objectclass named
"ntuser" instead of using "sambaSamAccount", which is the correct
objectclass for Samba 3.0 integration. Can this be changed?
Also, Fedora Directory Server has a plugin for Password Modify
(LDAP_EXTOP_PASSMOD) which requires the invoker to always supply the
original password along with the new password. This causes problems when
trying to use password synchronization between Samba and FDS, since
Samba can't supply the original password. Can this be changed? It
seems to me the only way of fixing this is by modifying the source
file sources/ldapserver/ldap/servers/slapd/passwd_extop.c, but the
building process seems overwhelming for me to try.
Any ideas?
Thanks!
18 years, 2 months
[Fedora-directory-users] NDS
by Nikos Zaharioudakis
Dear all, is there a successful case with Novell NDS synchronization?
Any feedback is really appreciated.
Best Regards,
Zahariudakis Nikos
--
########################################3
Zaharioudakis Nikos
mob: +30 6947204063
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?
18 years, 2 months
[Fedora-directory-users] ldap client with solaris 9
by basile
I installed Fedora Directory on two Solaris 9 systems (did it for the 32- and 64-bit
versions).
I did exactly the same things and have the same pam.conf, nsswitch.conf,
ldap_client_file and ldap_client_cred.
FDS works fine on both installations; I can ldaplist etc.
But on one of the installations, id and getent never work.
Solaris searches on FDS but with an empty base, and it doesn't bind as
proxyagent.
What could it be?
Thanks, it's important.
basile
18 years, 2 months
[Fedora-directory-users] See several of these in clients /var/log/messages
by Bliss, Aaron
I've noticed that since migrating to authenticate to fds, in clients'
/var/log/messages I see several of these per day; I have not heard of
anyone being unable to login to the boxes, however I'm curious as to why
these entries are showing up. Any ideas? Thanks.
nss_ldap: reconnecting to LDAP server...
nss_ldap: reconnected to LDAP server after 1 attempt(s)
www.preferredcare.org
"An Outstanding Member Experience," Preferred Care HMO Plans -- J. D. Power and Associates
Confidentiality Notice:
The information contained in this electronic message is intended for the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of this message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication in error, please notify the sender immediately by telephone and destroy the copies you received.
18 years, 2 months
Re: [Fedora-directory-users] Search w/ empty base dn
by Howard Chu
> Date: Fri, 10 Feb 2006 12:05:52 -0700
> From: Richard Megginson <rmeggins(a)redhat.com>
>
> Glenn W. Bach wrote:
>
>
>>>> I'm replacing an ldap server with Fedora Directory. The old one
>>>> allows searches with
>>>> the base dn empty. Is there a way to allow searches with a blank
>>>> base dn in Fedora
>>>> Directory?
>>>>
>>> I'm assuming you mean the ability to perform a subtree search with a
>>> base dn of "". No,
>>> you cannot do this with Fedora DS. What is your old directory server?
>>> Does it do this
>>> by default or do you have to configure it to do so?
>>>
>> Yes, -b ''
>>
>> We are actually replacing an Exchange 5.5 system that is pretending to
>> be an ldap server.
>> The unfortunate thing is that hundreds of users have their base dn
>> blank, which is
>> something Exchange can apparently deal with. I am not sure if it had
>> to be specifically configured to allow this.
>>
>
> No, that explains it.
>
>
>> So the bottom line sounds like we need to touch several hundred
>> desktops if we want to transition away from Exchange. Sigh...
>>
>
> Perhaps not. OpenLDAP has the ability to act as an LDAP proxy and
> rewrite the base DN. I'm not sure how to do this, but probably someone
> on the openldap lists would know.
>
OpenLDAP has a more relevant solution here: you can set a
defaultsearchbase on slapd that is used when a search request comes in
with an empty baseDN and non-base scope. This feature exists in OpenLDAP
precisely because of all those misconfigured clients in the world.
> Alternately, you could write a plug-in (datainterop) that maps incoming
> requests for base "" and sub scope to your real suffix.
>
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
18 years, 2 months
Re: [Fedora-directory-users] Search w/ empty base dn
by Glenn W. Bach
>> I'm replacing an ldap server with Fedora Directory. The old one allows searches with
>> the base dn empty. Is there a way to allow searches with a blank base dn in Fedora
>> Directory?
> I'm assuming you mean the ability to perform a subtree search with a base dn of "". No,
> you cannot do this with Fedora DS. What is your old directory server? Does it do this
> by default or do you have to configure it to do so?
Yes, -b ''
We are actually replacing an Exchange 5.5 system that is pretending to be an ldap server.
The unfortunate thing is that hundreds of users have their base dn blank, which is
something Exchange can apparently deal with. I am not sure if it had to be specifically
configured to allow this.
So the bottom line sounds like we need to touch several hundred desktops if we want to
transition away from Exchange. Sigh...
Thanks.
Glenn
18 years, 2 months
[Fedora-directory-users] Question on indexes
by Bliss, Aaron
Does anyone see any concern about indexing uidnumber and gidnumber
(create index equality index type)? I would guess that these are 2
attributes that are accessed quite frequently for getting ownership
information of files and directories from clients. What do you guys
think?
Aaron
18 years, 2 months
[Fedora-directory-users] Hp_ux authentication
by Bliss, Aaron
We're running fds in our environment, and authenticating our linux
servers to our directory servers; we have a couple of hp_ux boxes (11i)
here and I would like to configure them to also authenticate to fds; is
this possible? If so can you point me to some documentation for
configuring these boxes? Thanks very much.
Aaron
18 years, 2 months