[Fedora-directory-users] Admin Server Failure
by Ian Marks
Does anyone have a good idea where I can start troubleshooting the error
below. I get the error when I attempt to start the admin server. I
also posted an error from the htttpd logs which could be related. I'm
running Centos 4.3 with FDS 1.0.2.
/opt/fedora-ds/admin-serv/logs/error
[Wed Aug 09 18:43:34 2006] [crit] host_ip_init(): PSET failure: Failed
to create PSET handle (pset error = )
Configuration Failed
/var/log/httpd/error_log
[Wed Aug 09 14:51:56 2006] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Wed Aug 09 14:51:56 2006] [notice] LDAP: SSL support unavailable
Thanks,
Ian
17 years, 8 months
Re: [Fedora-directory-users] FDS + Samba + IdealX
by Mike Jackson
Alan Ferrier <alan.ferrier(a)iplay.com> kirjoitti:
> Hi guys,
>
> I'm attempting to integrate FDS + the IdealX scripts to handle User,
> Group and Computer Management. It's all going reasonably well - I can
> authenticate against the Samba Domain and do most admin type tasks. I'm
> having an issue when attempting to add a Computer to the Domain,
> however. It's blowing chunks with an "Insufficient 'write' privilege"
> error. Log snippet below.
>
> Running "/usr/sbin/smbldap-useradd -w marisa$" from the command line
> works fine.
>
> I've tried adding an ACI for the admin user for
> "sambadomainname=bridges,dc=digitalbridges,dc=sys" but this doesn't
> appear to change anything.
>
> Any hints greatly appreciated!
Hint: Submit FDS access logfile snippets containing your failed operations.
BR,
Mike
17 years, 8 months
[Fedora-directory-users] FDS + Samba + IdealX
by Alan Ferrier
Hi guys,
I'm attempting to integrate FDS + the IdealX scripts to handle User,
Group and Computer Management. It's all going reasonably well - I can
authenticate against the Samba Domain and do most admin type tasks. I'm
having an issue when attempting to add a Computer to the Domain,
however. It's blowing chunks with an "Insufficient 'write' privilege"
error. Log snippet below.
Running "/usr/sbin/smbldap-useradd -w marisa$" from the command line
works fine.
I've tried adding an ACI for the admin user for
"sambadomainname=bridges,dc=digitalbridges,dc=sys" but this doesn't
appear to change anything.
Any hints greatly appreciated!
Alan
[2006/08/09 11:12:57, 2] smbd/sesssetup.c:setup_new_vc_session(772)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2006/08/09 11:12:57, 2] smbd/sesssetup.c:setup_new_vc_session(772)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2006/08/09 11:12:57, 2] lib/smbldap.c:smbldap_open_connection(722)
smbldap_open_connection: connection opened
[2006/08/09 11:12:57, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640)
init_sam_from_ldap: Entry found for user: alan.ferrier
[2006/08/09 11:12:57, 2] passdb/pdb_ldap.c:init_group_from_ldap(2199)
init_group_from_ldap: Entry found for group: 513
[2006/08/09 11:12:57, 2] passdb/pdb_ldap.c:init_group_from_ldap(2199)
init_group_from_ldap: Entry found for group: 1002
[2006/08/09 11:12:57, 2] passdb/pdb_ldap.c:init_group_from_ldap(2199)
init_group_from_ldap: Entry found for group: 1003
[2006/08/09 11:12:57, 2] passdb/pdb_ldap.c:init_group_from_ldap(2199)
init_group_from_ldap: Entry found for group: 1025
[2006/08/09 11:12:57, 2] auth/auth.c:check_ntlm_password(307)
check_ntlm_password: authentication for user [alan.ferrier] ->
[alan.ferrier] -> [alan.ferrier] succeeded
[2006/08/09 11:12:57, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2670)
Returning domain sid for domain BRIDGES ->
S-1-5-21-683103908-991045669-825688854
[2006/08/09 11:12:57, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2670)
Returning domain sid for domain BRIDGES ->
S-1-5-21-683103908-991045669-825688854
Error: Insufficient 'write' privilege to the 'uidNumber' attribute of
entry 'sambadomainname=bridges,dc=digitalbridges,dc=sys'.
[2006/08/09 11:12:58, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2415)
_samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w
marisa$' gave 1
[2006/08/09 11:12:59, 2] smbd/server.c:exit_server(614)
Closing connections
--
-----------------------------
e-Commerce Systems Manager
I-play
3 Pitreavie Court
Pitreavie Business Park
Dunfermline KY11 8UU
UK
Tel: +44 (0) 1383 723234
Fax: +44 (0) 1383 723235
Mob: +44 (0) 7796 148326
=============================
________________________________________________________________________
E-mail is an informal method of communication and may be subject to data corruption, interception and unauthorised amendment for which I-play, a trading name of Digital Bridges Ltd will accept no liability. Therefore, it will normally be inappropriate to rely on information contained on e-mail without obtaining written confirmation.
This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
(C) 2005. I-play is a trademark and trading name of Digital Bridges Limited. All Rights Reserved.
________________________________________________________________________
This message has been checked for all known viruses by the
MessageLabs Virus Scanning Service. For further information visit
http://www.messagelabs.com/stats.asp
17 years, 8 months
Re: [Fedora-directory-users] Help with the directory server locking up
by Mike Jackson
Michael Thomsen <mikerthomsen(a)gmail.com> kirjoitti:
> NDS 6.11
> Solars 9/05
>
> The only patch that we have installed so far is the patch cluster for
> Solaris 9 from Feb 3, 2006. It's not running replication and is being
> used in basically a default installation sort of configuration. The
> application that uses it is a simple Java client, nothing that should
> be causing any problems. This is something new that has appeared out
> of the blue.
JNDI has, or used to have, a bug which sends LDAP controls with every operation. IIRC, a workaround can be made in the client code telling JNDI not to use the control. This may or may not help you, but worth noting.
The problem and solution, as I found about 1-2 years ago, is listed in one OpenLDAP mailing list message, but I couldn't find it just now. Anyhow, you can see see the buggy JNDI behaviour I am referring to if you sniff the packets with ethereal.
BR,
--
mike
17 years, 8 months
[Fedora-directory-users] Help with the directory server locking up
by Mike Thomsen
I have a problem that is causing my team to look at migrating to
Fedora Directory Server, but we need some help on it first. We are
currently running into some sort of threading race condition with
Netscape Directory Server. After a while, it just locks up at 99% CPU
utilization. Has anyone besides us seen this behavior with NDS or FDS?
If someone has some information about this issue and it being resolved
in FDS, I am pretty sure that I could convince my people to make the
switch to FDS.
Thanks for any help,
Mike
17 years, 8 months
Re: [Fedora-directory-users] Help with the directory server locking up
by Mike Jackson
Michael Thomsen <mikerthomsen(a)gmail.com> kirjoitti:
> I have a problem that is causing my team to look at migrating to
> Fedora Directory Server, but we need some help on it first. We are
> currently running into some sort of threading race condition with
> Netscape Directory Server. After a while, it just locks up at 99% CPU
> utilization. Has anyone besides us seen this behavior with NDS or FDS?
> If someone has some information about this issue and it being resolved
> in FDS, I am pretty sure that I could convince my people to make the
> switch to FDS.
>
Hi,
I have previously been responsible for lots of NDS servers, and have experienced the same problems at times. If you're running on HP-UX, there are some OS level patches to help with some of these problems. There are also sometimes problems with HP-UX's ldapclientd looping...
BR,
Mike
17 years, 8 months
[Fedora-directory-users] Importing an LDIF schema
by Giles Chamberlin
I'm trying to import a existing schema into my fedora installation.
The schema is defined in
http://lab.ac.uab.edu/vnet/documents/ldif/commURI.ldif.txt
So far I've copied that file to my installations config directory,
renamed to 98commURI.ldif and restarted my instance of fedora ds.
This generates an error message:
dse - The entry cn=schema in file /opt/fedora-ds/slapd-mist/config/schema/98comURI.ldif is invalid, error code 21 (Invalid syntax) - attribute type commURI: Missing attribute syntax OID
[07/Aug/2006:16:36:39 +0100] dse - Please edit the file to correct the reported problems and then restart the server.
The directory server is a fresh installation of fedora-ds-1.0.2-1.RHEL.i386
Can anyone point me in the right direction?
--
Giles Chamberlin
17 years, 8 months
[Fedora-directory-users] Default search base?
by Josh Kelley
OpenLDAP has a defaultsearchbase configuration directive that lets you
specify the default search base to use if the client doesn't provide
one. Does FDS have a similar feature? I checked the docs and poked
around in the Admin Console and couldn't find it.
Josh Kelley
17 years, 8 months
