[Fedora-directory-users] FDS Replication problem
by jamsda
Hello,
I have a 4-way multi-master configured with FDS. One
of the hosts is not receiving/sending replicated data.
I tried removing the replication argreements with the
mmr.pl application (to try re-creating the agreement),
but it's not letting me.
Here's the error message trying to remove testhost1's
agreement:
perl mmr.pl --host1 testhost1 --host2 testhost2
--bindpw <password> --remove
"removing replication agreement from testhost1 ->
testhost2
Can't call method "dn" on an undefined value at mmr.pl
line 200, <DATA> line 397"
When I run the mmr.pl with --display, the agreement
appears to be ok:
perl mmr.pl --host1 testhost1 --host2 testhost2
--bindpw <password> --display
replication agreements from testhost1
->testhost2
->testhost3
replication agreements from testhost2
->testhost1
->testhost4
Here's the commands I used to create the 4-way
multi-master agreement:
perl mmr.pl --host1 testhost1 --host1_id 1 --host2
testhost2 --host2_id 2 --bindpw <DIRECTORY
ADMINISTRATOR PASS> --repmanpw <ADMIN PASS> --create
perl mmr.pl --host1 testhost3 --host1_id 3 --host2
testhost4 --host2_id 4 --bindpw <DIRECTORY
ADMINISTRATOR PASS> --repmanpw <ADMIN PASS> --create
perl mmr.pl --host1 testhost3 --host1_id 3 --host2
testhost1 --host2_id 1 --bindpw <DIRECTORY
ADMINISTRATOR PASS> --repmanpw <ADMIN PASS> --create
perl mmr.pl --host1 testhost4 --host1_id 4 --host2
testhost2 --host2_id 2 --bindpw <DIRECTORY
ADMINISTRATOR PASS> --repmanpw <ADMIN PASS> --create
The other 3 hosts are working fine. I'm not sure if
there are any other ways to troubleshoot this. Anybody
have any ideas?
Thanks,
Jim
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
17 years, 7 months
RE: [Fedora-directory-users] Importing an LDIF schema
by Giles Chamberlin
I've got a hunch that you're probably right, given the error message and
all. But I can't see where that's missing. I'm new to all this LDIF
stuff, so stumbling a little, but comparing the commURI schema with
those distributed with Fedora DS they look about right. Specifically
the commURI is defined with
attributetypes: (0.0.8.350.1.1.1.1.1
NAME 'commURI'
DESC 'Labeled URI format to point to the distinguished name of the
commUniqueId'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
Which looks to me comparable with those distributed with Fedora DS.
Probably something very simple, but all held gratefully accepted.
Giles
-----Original Message-----
From: fedora-directory-users-bounces(a)redhat.com
[mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Morris,
Patrick
Sent: 07 August 2006 17:00
To: General discussion list for the Fedora Directory server project.
Subject: RE: [Fedora-directory-users] Importing an LDIF schema
It looks like...well, like you're missing the syntax OID on the commURI
attribute. Just a guess. :)
> -----Original Message-----
> From: fedora-directory-users-bounces(a)redhat.com
> [mailto:fedora-directory-users-bounces@redhat.com] On Behalf
> Of Giles Chamberlin
> Sent: Monday, August 07, 2006 8:53 AM
> To: fedora-directory-users(a)redhat.com
> Subject: [Fedora-directory-users] Importing an LDIF schema
>
> I'm trying to import a existing schema into my fedora installation.
> The schema is defined in
> http://lab.ac.uab.edu/vnet/documents/ldif/commURI.ldif.txt
>
> So far I've copied that file to my installations config
> directory, renamed to 98commURI.ldif and restarted my
> instance of fedora ds.
>
> This generates an error message:
>
> dse - The entry cn=schema in file
> /opt/fedora-ds/slapd-mist/config/schema/98comURI.ldif is
> invalid, error code 21 (Invalid syntax) - attribute type
> commURI: Missing attribute syntax OID
> [07/Aug/2006:16:36:39 +0100] dse - Please edit the file to
> correct the reported problems and then restart the server.
>
>
> The directory server is a fresh installation of
> fedora-ds-1.0.2-1.RHEL.i386 Can anyone point me in the right
> direction?
>
> --
> Giles Chamberlin
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users(a)redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
17 years, 7 months
[Fedora-directory-users] Error at work of the utility ldapsearch.
by Safonov Alexey
Hi !
I ask to help to solve a problem with the utility ldapsearch.
is a problem to carry out synchronization between FDS and AD. Has made the
following:
1) Install FDS
2) Configuring SSL Enabled FDS. For this purpose has started script
setupssl.sh (http://directory.fedora.redhat.com/download/setupssl.sh) from
HOWTO "Howto:SSL" (http://directory.fedora.redhat.com/wiki/Howto:SSL)
3) Restart FDS.
netstat -atupn | grep ns-
tcp 0 0 :::389 :::* LISTEN 6039/ns-slapd
tcp 0 0 :::636 :::* LISTEN 6039/ns-slapd
4) Enable SSL on AD.
Install Certificate Service
Check util ldp.exe:
Connected param: Server- srv-vm1.mup-example.vrn.ru
Port - 636
Checkbox "SSL"
ld = ldap_sslinit("srv-vm1.mup-example.vrn.ru", 636, 1);
Error <0x0> = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION,
LDAP_VERSION3);
Error <0x0> = ldap_connect(hLdap, NULL);
Error <0x0> = ldap_get_option(hLdap,LDAP_OPT_SSL,(void*)&lv);
Host supports SSL, SSL cipher strength = 128 bits
Established connection to srv-vm1.mup-example.vrn.ru.
Retrieving base DSA information...
.....
5) Import AD CA certificate in DER mode.
6) Copy, convert (PEM) and install AD CA certificate in FDS. Check:
[root@asterisk1 alias]# /opt/fedora-ds/shared/bin/certutil -L -d . -P
slapd-asterisk1-
CA certificate CTu,u,u
server-cert u,u,u
Server-Cert u,u,u
ad-cert CT,C,C <- install this
6) [root@asterisk1 alias]# ldapsearch -Z -P
/opt/fedora-ds/alias/slapd-asterisk1-cert8.db -h
rv-vm1.mup-example.vrn.ru -p 636 -D
"cn=Administrator,cn=users,dc=mup-examle,dc=vrn,dc=ru" -w secret01 -s
base -b "dc=mup-example,dc=vrn,dc=ru" "objectclass=*"
Error:
ldapsearch: unabel to parse protocol version
"/opt/fedora-ds/alias/slapd-asterisk1-cert8.db"
Help my!
Thanks
------------------------------------------------------
My Setup:
Fedora Core 5 (i386)
Fedora Directory Server 1.0.2
Windows 2003 Server (DC - srv-vm1.mup-example.vrn.ru)
------------------------------------------------------
17 years, 7 months
[Fedora-directory-users] Admin Express replication monitor problems
by Philip Kime
Everything in my LDAP setup (FDS 1.0.2) runs over SSL but when I go into
the Admin Express interface and click on the "Replication Status" link
to take me to the replication monitoring page, the URL is hard-coded
with
serverport=389
which it passes to the
template-repl-monitor-cgi.pl
script. Of course, it can't connect on 389 so it fails. Anybody know how
to get the Admin Express interface to pass port 636 to the script?
PK
--
Philip Kime
NOPS Systems Architect
310 401 0407
17 years, 8 months
[Fedora-directory-users] FW: Can't start console
by Diana Shepard
Still having this same problem. Can anyone offer any
suggestions? Thought maybe I could uninstall the admin-serv
and reinstall it, but even though an uninstall of
the admin-serv only is an option, an install of the admin-serv
isn't.
I found this regarding a Windows ldap console (mine is
a Linux install):
http://directory.fedora.redhat.com/wiki?title=Howto:WindowsConsole&redir
ect=no
"SSL
Copying over the jar files will get the Administration Console going,
but SSL will not be functional. If you point it at an Administration
Server listening with https you'll see an exception thrown like this
one:
Exception in thread "main" java.lang.UnsatisfiedLinkError: no jss3 in
java.library.path"
That exception is similar to mine:
"Exception in thread "main" java.lang.UnsatisfiedLinkError:
/opt/fedora-ds/lib/libjss3.so: /opt/fedora-ds/lib/libjss3.so"
but my Administration Server is not "listening with SSL".
Why does it think I am??????
Diana Shepard
University of Colorado, Boulder
> -----Original Message-----
> From: Diana Shepard
> Sent: Friday, July 21, 2006 1:54 PM
> To: 'fedora-directory-users(a)redhat.com'
> Subject: Can't start console
>
> Thanks for the responses. Here are answers:
>
> [root@ldap2 ~]# java -version
> java version "1.4.2_04"
> Java(TM) 2 Runtime Environment, Standard Edition (build
> 1.4.2_04-b05) Java HotSpot(TM) Client VM (build 1.4.2_04-b05,
> mixed mode)
>
>
> [root@ldap2 ~]# ls -l /opt/fedora-ds/lib/libjss3.so
> -rwxr-xr-x 1 root root 213324 Nov 15 2005
> /opt/fedora-ds/lib/libjss3.so
>
>
> [root@ldap2 ~]# echo $LD_LIBRARY_PATH
> /opt/fedora-ds/lib:/opt/fedora-ds/shared/lib
>
>
>
> [root@ldap2 ~]# ldd /opt/fedora-ds/lib/libjss3.so
> libnss3.so => /opt/fedora-ds/shared/lib/libnss3.so
> (0x0000002a95682000)
> libsmime3.so =>
> /opt/fedora-ds/shared/lib/libsmime3.so (0x0000002a95807000)
> libssl3.so => /opt/fedora-ds/shared/lib/libssl3.so
> (0x0000002a95932000)
> libplc4.so => /opt/fedora-ds/shared/lib/libplc4.so
> (0x0000002a95a5f000)
> libplds4.so => /opt/fedora-ds/shared/lib/libplds4.so
> (0x0000002a95b64000)
> libnspr4.so => /opt/fedora-ds/shared/lib/libnspr4.so
> (0x0000002a95c67000)
> libc.so.6 => /lib64/tls/libc.so.6 (0x0000002a95dad000)
> libsoftokn3.so =>
> /opt/fedora-ds/shared/lib/libsoftokn3.so (0x0000002a95fe1000)
> libpthread.so.0 => /lib64/tls/libpthread.so.0
> (0x0000002a9613b000)
> libdl.so.2 => /lib64/libdl.so.2 (0x0000002a96251000)
> /lib64/ld-linux-x86-64.so.2 (0x000000552aaaa000)
>
> Diana Shepard
> University of Colorado, Boulder
>
>
> > -----Original Message-----
> > From: fedora-directory-users-bounces(a)redhat.com
> > [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of
> > fedora-directory-users-request(a)redhat.com
> > Sent: Friday, July 21, 2006 10:00 AM
> > To: fedora-directory-users(a)redhat.com
> > Subject: Fedora-directory-users Digest, Vol 14, Issue 22
> >
> > Send Fedora-directory-users mailing list submissions to
> > fedora-directory-users(a)redhat.com
> >
> > To subscribe or unsubscribe via the World Wide Web, visit
> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> > or, via email, send a message with subject or body 'help' to
> > fedora-directory-users-request(a)redhat.com
> >
> > You can reach the person managing the list at
> > fedora-directory-users-owner(a)redhat.com
> >
> > When replying, please edit your Subject line so it is more specific
> > than "Re: Contents of Fedora-directory-users digest..."
> >
> >
> > Today's Topics:
> >
> > 1. Can't start console (Diana Shepard)
> > 2. Re: Can't start console (Richard Megginson)
> > 3. Re: Can't start console (brian)
> >
> >
> >
> ----------------------------------------------------------------------
> >
> > Message: 1
> > Date: Thu, 20 Jul 2006 16:02:18 -0600
> > From: "Diana Shepard" <Diana.Shepard(a)cusys.edu>
> > Subject: [Fedora-directory-users] Can't start console
> > To: <fedora-directory-users(a)redhat.com>
> > Message-ID:
> > <7315857F21D51B449CC55ADE3A568318C37FEB(a)ex2k3.ad.cusys.edu>
> > Content-Type: text/plain; charset="us-ascii"
> >
> > I have Fedora DS v1.0.2 installed on Linux AS v. 4, 64-bit.
> >
> > I get the following when I try /opt/fedora-ds/startconsole.
> > The libjss3.so file does indeed exist. I tried setting and
> exporting
> >
> > LD_LIBRARY_PATH=/opt/fedora-ds/shared/lib:/opt/fedora-ds/lib
> >
> > to no avail. What the heck does it want?
> >
> > [root@ldap2 fedora-ds]# ./startconsole Exception in thread "main"
> > java.lang.UnsatisfiedLinkError:
> > /opt/fedora-ds/lib/libjss3.so: /opt/fedora-ds/lib/libjss3.so:
> > cannot open shared object file: No such file or directory
> > at java.lang.ClassLoader$NativeLibrary.load(Native Method)
> > at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1560)
> > at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1485)
> > at java.lang.Runtime.loadLibrary0(Runtime.java:788)
> > at java.lang.System.loadLibrary(System.java:834)
> > at
> > org.mozilla.jss.CryptoManager.loadNativeLibraries(CryptoManage
> > r.java:133
> > 0)
> > at
> > org.mozilla.jss.CryptoManager.initialize(CryptoManager.java:822)
> > at
> > org.mozilla.jss.CryptoManager.initialize(CryptoManager.java:795)
> > at
> >
> com.netscape.management.client.util.UtilConsoleGlobals.initJSS(Unknown
> > Source)
> > at
> > com.netscape.management.client.util.UtilConsoleGlobals.getLDAP
> > SSLSocketF
> > actory(Unknown Source)
> > at
> > com.netscape.management.client.console.Console.LDAPinitializat
> > ion(Unknow
> > n Source)
> > at
> > com.netscape.management.client.console.Console.<init>(Unknown
> > Source)
> > at
> com.netscape.management.client.console.Console.main(Unknown
> > Source)
> >
> > Diana Shepard
> > University of Colorado,Boulder
> > University Management Systems
> >
> >
> > -------------- next part -------------- An HTML attachment was
> > scrubbed...
> > URL:
> > https://www.redhat.com/archives/fedora-directory-users/attachm
> ents/20060720/d1742a42/attachment.html
> >
> > ------------------------------
> >
> > Message: 2
> > Date: Thu, 20 Jul 2006 19:09:19 -0600
> > From: Richard Megginson <rmeggins(a)redhat.com>
> > Subject: Re: [Fedora-directory-users] Can't start console
> > To: "General discussion list for the Fedora Directory
> server project."
> > <fedora-directory-users(a)redhat.com>
> > Message-ID: <44C0293F.6020505(a)redhat.com>
> > Content-Type: text/plain; charset="iso-8859-1"
> >
> > Which jre are you using?
> >
> > Diana Shepard wrote:
> > >
> > > I have Fedora DS v1.0.2 installed on Linux AS v. 4, 64-bit.
> > >
> > > I get the following when I try /opt/fedora-ds/startconsole. The
> > > libjss3.so file does indeed exist. I tried setting and exporting
> > >
> > > LD_LIBRARY_PATH=/opt/fedora-ds/shared/lib:/opt/fedora-ds/lib
> > >
> > > to no avail. What the heck does it want?
> > >
> > > [root@ldap2 fedora-ds]# ./startconsole Exception in thread "main"
> > > java.lang.UnsatisfiedLinkError:
> > > /opt/fedora-ds/lib/libjss3.so:
> > /opt/fedora-ds/lib/libjss3.so: cannot
> > > open shared object file: No such file or directory
> > >
> > > at java.lang.ClassLoader$NativeLibrary.load(Native Method)
> > > at
> java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1560)
> > > at
> java.lang.ClassLoader.loadLibrary(ClassLoader.java:1485)
> > > at java.lang.Runtime.loadLibrary0(Runtime.java:788)
> > > at java.lang.System.loadLibrary(System.java:834)
> > > at
> > >
> >
> org.mozilla.jss.CryptoManager.loadNativeLibraries(CryptoManager.java:1
> > > 330)
> > >
> > > at
> > > org.mozilla.jss.CryptoManager.initialize(CryptoManager.java:822)
> > > at
> > > org.mozilla.jss.CryptoManager.initialize(CryptoManager.java:795)
> > > at
> > >
> >
> com.netscape.management.client.util.UtilConsoleGlobals.initJSS(Unknown
> > > Source)
> > > at
> > >
> >
> com.netscape.management.client.util.UtilConsoleGlobals.getLDAPSSLSocke
> > > tFactory(Unknown
> > > Source)
> > > at
> > >
> >
> com.netscape.management.client.console.Console.LDAPinitialization(Unkn
> > > own
> > > Source)
> > > at
> > >
> >
> com.netscape.management.client.console.Console.<init>(Unknown Source)
> > > at
> > com.netscape.management.client.console.Console.main(Unknown
> > > Source)
> > >
> > > Diana Shepard
> > > University of Colorado,Boulder
> > > University Management Systems
> > >
> > >
> > >
> >
> ----------------------------------------------------------------------
> > > --
> > >
> > > --
> > > Fedora-directory-users mailing list
> > > Fedora-directory-users(a)redhat.com
> > > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> > >
> > -------------- next part -------------- A non-text attachment was
> > scrubbed...
> > Name: smime.p7s
> > Type: application/x-pkcs7-signature
> > Size: 3178 bytes
> > Desc: S/MIME Cryptographic Signature
> > Url :
> > https://www.redhat.com/archives/fedora-directory-users/attachm
> ents/20060720/01edfbce/smime.bin
> >
> > ------------------------------
> >
> > Message: 3
> > Date: Fri, 21 Jul 2006 11:58:52 -0400
> > From: brian <brian.smith(a)worldpub.net>
> > Subject: Re: [Fedora-directory-users] Can't start console
> > To: "General discussion list for the Fedora Directory
> server project."
> > <fedora-directory-users(a)redhat.com>
> > Message-ID: <1153497532.22758.6.camel(a)localhost.localdomain>
> > Content-Type: text/plain
> >
> > what does "ls -l /opt/fedora-ds/lib/libjss3.so" show?
> >
> > On Thu, 2006-07-20 at 16:02 -0600, Diana Shepard wrote:
> > > I have Fedora DS v1.0.2 installed on Linux AS v. 4, 64-bit.
> > >
> > > I get the following when I try /opt/fedora-ds/startconsole. The
> > > libjss3.so file does indeed exist. I tried setting and exporting
> > >
> > > LD_LIBRARY_PATH=/opt/fedora-ds/shared/lib:/opt/fedora-ds/lib
> > >
> > > to no avail. What the heck does it want?
> > >
> > > [root@ldap2 fedora-ds]# ./startconsole Exception in thread "main"
> > > java.lang.UnsatisfiedLinkError: /opt/fedora-ds/lib/libjss3.so:
> > > /opt/fedora-ds/lib/libjss3.so: cannot open shared object
> > file: No such
> > > file or directory
> > >
> > > at
> java.lang.ClassLoader$NativeLibrary.load(Native Method)
> > > at
> > java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1560)
> > > at
> java.lang.ClassLoader.loadLibrary(ClassLoader.java:1485)
> > > at java.lang.Runtime.loadLibrary0(Runtime.java:788)
> > > at java.lang.System.loadLibrary(System.java:834)
> > > at
> > >
> > org.mozilla.jss.CryptoManager.loadNativeLibraries(CryptoManage
> > r.java:1330)
> > > at
> > > org.mozilla.jss.CryptoManager.initialize(CryptoManager.java:822)
> > > at
> > > org.mozilla.jss.CryptoManager.initialize(CryptoManager.java:795)
> > > at
> > >
> >
> com.netscape.management.client.util.UtilConsoleGlobals.initJSS(Unknown
> > > Source)
> > > at
> > >
> > com.netscape.management.client.util.UtilConsoleGlobals.getLDAP
> > SSLSocketFactory(Unknown Source)
> > > at
> > >
> > com.netscape.management.client.console.Console.LDAPinitializat
> > ion(Unknown Source)
> > > at
> > >
> >
> com.netscape.management.client.console.Console.<init>(Unknown Source)
> > > at
> > com.netscape.management.client.console.Console.main(Unknown
> > > Source)
> > >
> > > Diana Shepard
> > > University of Colorado,Boulder
> > > University Management Systems
> > >
> > >
> > > --
> > > Fedora-directory-users mailing list
> > > Fedora-directory-users(a)redhat.com
> > > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >
> >
> >
> > ------------------------------
> >
> > --
> > Fedora-directory-users mailing list
> > Fedora-directory-users(a)redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >
> >
> > End of Fedora-directory-users Digest, Vol 14, Issue 22
> > ******************************************************
> >
>
17 years, 8 months
[Fedora-directory-users] Odd performance problem, server not using indeces
by George Daswani
Hello,
I have around 350K users in my test directory, and I'm running
into an odd problem with the directory not using indeces for
ldapsearches.
For example, using the following search string
(&(objectClass=organizationalPerson)(employeeNumber=*))
Looking at the console, there's a system index on objectClass (which is
set to equality), there's also an index on employeeNumber (both equality,
and presence).
There are around 5K icasOrgPersons (which can hold the employeeNumber
attribute), the rest can't. When the actual search (really slow as if it
was using a full scan) is performed, the access log files shows "notes=U"
meaning that the search was unindexed. The question is why considering
there were indeces built for the attributes in the search filter?
Thanks.
17 years, 8 months
[Fedora-directory-users] Fedora Core 5 Blocking on Boot
by Richi Plana
Hi,
I recently set up fedora-ds and managed to configure several FC5
machines to authenticate and get user information from the LDAP server.
Unfortunately, the laptop isn't always connected to the network so when
it boots up, the process hangs when it tries to start the "message bus".
I figure the process blocks when it tries to change UID to that of the
dbus user. When the machine isn't connected to the network (ie. no cable
and wireless isn't available), the process just hangs.
Any suggestions on fixing this?
--
Richi Plana <richip(a)richip.dhs.org>
17 years, 8 months
[Fedora-directory-users] Requirements
by kenwood
Sorry if these are really dumb questions but what software is required
before Fedora Directory can be installed?
Now, I know that Sun Java is needed. I've installed v 1.5.n and it tests
out ok.
Beyond Java, what else?
Do I need OpenLDAP or is that included with RPM?
Do I need Berkley SleepyCat or is that included?
Do I need OpenSSL or is it included? What about a certificate?
I have completed the Setup and FDS provides the login box but then it
fails with an error complaining that it could not start the Admin
Service.
And, this is where I become overwhelmed by a lack of understanding.
I cannot find docs that explain how to start the service and/or what the
required fields are.
I think the service is named 'ns-slapd.
If someone could provide an example of how to start the service I would
really appreciate the help.
Ken Wood
TLW Sports Company, LLC
Information Systems
p. 805.987.2255
c. 720.937.8295
17 years, 8 months