[Fedora-directory-users] Replication multiple suffixes
by Jo De Troy
Hello,
I was wondering what the best way to set up multi-master replication is when
multiple suffixes exist on each supplier.
Should we first set up each supplier with the same root suffix in the
userRoot DB, then set up replication, then create the 2nd suffix in a
separate database and set up replication for this suffix ...
I'm currently trying to use the mmr script to set up replication, without success.
I have 2 Fedora DS servers running, each with a different suffix in
their userRoot, and would like to set up replication to each other.
Thanks in advance,
Jo
16 years, 11 months
[Fedora-directory-users] RPM/SRPM issues and old RHEL
by Oliver Hookins
Hi there,
I'm trying to get started testing out Fedora Directory Server with the
goal of replacing our OpenLDAP infrastructure. Most of our servers are
RHEL3/4 so there are no big issues there since there are already
prepackaged binary RPMS for those platforms.
But we do have two RHEL2.1 servers which we will definitely need packages
for in order to do any migration to FDS. Upgrading these servers to
RHEL3/4 is not an option. Looking at the spec file of the SRPM from
RHEL3 it seems like dependencies won't be a problem, the spec file
itself is a mess and doesn't come close to building everything (which I
understand is a work in progress).
So my questions are: has anyone got FDS running well on RHEL2.1 (either
by compiling directly from source, shoehorning the RPM from RHEL3 or
building the RPM from the SRPM)? Has anyone written their own spec file
from scratch to build FDS in its entirety from sources? I also wanted to
change the installation prefix from /opt so getting a working and
complete spec file would be very desirable.
--
Regards,
Oliver Hookins
Anchor Systems
17 years, 1 month
[Fedora-directory-users] FDS and AD
by Sergio Diaz
Hi People,
Is it possible to sync in only one way?
Users Windows AD -> FDS.
Or the other scenario, like OpenLDAP having a meta backend (2 LDAPs, 1
AD): is it possible with FDS?
Regards,
Sergio
17 years, 2 months
[Fedora-directory-users] [HELP] creating partition by command line
by Jorge Santos
Hello all,
I tried to create a partition from the command line, but it doesn't work.
When I tried to restart the admin console, it didn't work either, and
when I did a search for the cn=mapping tree,cn=config subtree, it didn't return
anything.
I tried to follow the tutorial at this site:
http://www.redhat.com/docs/manuals/dir-server/ag/7.1/entry_dist.html#17741
I created the database for the root suffix, the root suffix (dc=mg), the sub
suffix (ou=bh,dc=mg) and the database link (containing a referral to the other
server) for the sub suffix on the main server.
On the other server I created the root suffix (ou=bh,dc=mg) and the database
for this root suffix.
The LDIFs that I used to create these partitions are as follows:
./ldapmodify -a -D "cn=directory manager" -w- -f /tmp/partition.ldif
Configuration for the Main Server
#Create the database
dn: cn=particaoManual,cn=ldbm database,cn=plugins,cn=config
objectclass: extensibleObject
objectclass: nsBackendInstance
nsslapd-suffix: "ou=bh,dc=mg"
#Create root suffix
dn: cn="ou=bh,dc=mg",cn=mapping tree,cn=config
objectclass: top
objectclass: extensibleObject
objectclass: nsMappingTree
nsslapd-state: backend
nsslapd-backend: particaoManual
cn: ou=bh,dc=mg
#Create sub suffix
dn: cn="ou=bh,dc=mg",cn=mapping tree,cn=config
objectclass: top
objectclass: extensibleObject
objectclass: nsMappingTree
nsslapd-state: Referral
nsslapd-referral: ldap://172.25.0.13:389/ou=bh,dc=mg
nsslapd-backend: particaoLink
nsslapd-parent-suffix: "dc=mg"
cn: ou=bh,dc=mg
#Create Database link
dn: cn=particaoLink,cn=chaining database,cn=plugins,cn=config
objectclass: top
objectclass: extensibleObject
objectclass: nsBackendInstance
nsslapd-suffix: ou=bh,dc=mg
nsfarmserverurl: ldap://172.25.0.13:389/
nsmultiplexorbinddn: uid=replicator,cn=config
nsmultiplexorcredentials: secret
cn: particaoLink
Configuration for the Other Server
./ldapmodify -a -D "cn=directory manager" -w- -f /tmp/subpartition.ldif
#Create the database
dn: cn=particaoManual,cn=ldbm database,cn=plugins,cn=config
objectclass: extensibleObject
objectclass: nsBackendInstance
nsslapd-suffix: "ou=bh,dc=mg"
#Create root suffix
dn: cn="ou=bh,dc=mg",cn=mapping tree,cn=config
objectclass: top
objectclass: extensibleObject
objectclass: nsMappingTree
nsslapd-state: backend
nsslapd-backend: particaoManual
cn: ou=bh,dc=mg
Regards,
Jorge Santos
17 years, 2 months
[Fedora-directory-users] Default locale
by Radek Hladik
Hi all,
How can I switch the default locale used by FDS for sorting and string
comparison? Or at least, can this be set per LDAP connection?
Radek
17 years, 2 months
[Fedora-directory-users] number of output show in a search
by Wilmer Jaramillo M.
By default the Directory Server allows anonymous queries with
ldapsearch. This is OK; nevertheless, is there a way to limit the
number of attributes/lines/output shown to the anonymous user? Also, to
implement rules where the user and administrator users can only
see a maximum of N attributes in a search, for example of the attribute
'mail'?
e.g. $ ldapsearch -x mail
1.- # Afrodita Alvarez, joe, People, example.com
dn: cn=Afrodita Alvarez,uid=wilmer,ou=People,dc=example,dc=com
mail: aalvarez(a)example.com
2.- # aperez, juancarlos, People, example.com
dn: uid=aperez,uid=juancarlos,ou=People,dc=example,dc=com
mail: aperez(a)example.com
...
N.- ...Full Users Output.
I want:
$ ldapsearch -x mail
1.- # Afrodita Alvarez, joe, People, example.com
dn: cn=Afrodita Alvarez,uid=wilmer,ou=People,dc=example,dc=com
mail: aalvarez(a)example.com
2.- # aperez, juancarlos, People, example.com
dn: uid=aperez,uid=juancarlos,ou=People,dc=example,dc=com
mail: jcarlos(a)example.com
...
25.- .... only max. 25 users.
thanks.
--
Wilmer Jaramillo M.
TALUG - http://www.linuxtachira.org
GPG Key Fingerprint = 0666 D0D3 24CE 8935 9C24 BBF1 87DD BEA2 A4B2 1E8A
17 years, 2 months
[Fedora-directory-users] CoS + SASL problems?
by Hai Zaar
Dear list!
I'm using FDS-1.0.2 together with Heimdal Kerberos as NIS replacement.
I'm having a rather strange problem with SASL.
I have two posixGroups. The first is
cn=peopleGroup,ou=people,dc=example,dc=com and the other is
cn=testGroup,ou=Groups,dc=example,dc=com
testGroup is affected by Pointer CoS - this is important!
On client I run:
# kinit foo
# ldapsearch -h directory.example.com -b "dc=example,dc=com" -s sub
-Y GSSAPI -I '(&(objectClass=posixGroup)(cn=peopleGroup))'
The search returns sane results. However, running a search for testGroup
returns the following:
---------------------------
# ldapsearch -h directory.example.com -b "dc=example,dc=com" -s sub
-Y GSSAPI -I '(&(objectClass=posixGroup)(cn=testGroup))'
SASL/GSSAPI authentication started
SASL Interaction
Please enter your authorization name:
SASL username: foo(a)EXAMPLE.COM
SASL SSF: 56
SASL installing layers
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (&(objectClass=posixGroup)(cn=testGroup))
# requesting: ALL
#
ldap_result: Can't contact LDAP server (-1)
---------------------------
If I remove CoS from ou=Groups,dc=example,dc=com, then it all works OK
(but of course I do not get any of the 'uniquemember' attributes that
come from CoS).
The strangest thing, however, is that if I set
SASL_SECPROPS maxssf=0
in /etc/openldap/ldap.conf, then everything works just fine (but no security).
Finally, here is what the FDS access log says:
[10/Sep/2006:17:02:51 +0300] conn=111 fd=67 slot=67 connection from
10.0.2.236 to 10.0.0.10
[10/Sep/2006:17:02:51 +0300] conn=111 op=0 BIND dn="" method=sasl
version=3 mech=GSSAPI
[10/Sep/2006:17:02:51 +0300] conn=111 op=0 RESULT err=14 tag=97
nentries=0 etime=0, SASL bind in progress
[10/Sep/2006:17:02:51 +0300] conn=111 op=1 BIND dn="" method=sasl
version=3 mech=GSSAPI
[10/Sep/2006:17:02:51 +0300] conn=111 op=1 RESULT err=14 tag=97
nentries=0 etime=0, SASL bind in progress
[10/Sep/2006:17:02:51 +0300] conn=111 op=2 BIND dn="" method=sasl
version=3 mech=GSSAPI
[10/Sep/2006:17:02:51 +0300] conn=111 op=2 RESULT err=0 tag=97
nentries=0 etime=0 dn="uid=foo,ou=people,dc=example,dc=com"
[10/Sep/2006:17:02:51 +0300] conn=111 op=3 SRCH
base="dc=example,dc=com" scope=2
filter="(&(objectClass=posixGroup)(cn=testGroup))" attrs=ALL
[10/Sep/2006:17:02:51 +0300] conn=111 op=3 fd=67 closed - B4
It looks like the server just drops the connection. Error logs indicate nothing.
Any ideas anyone?
--
Zaar
17 years, 2 months
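Added example (not part of the original post or of the FDS project): a Python sketch that reads access-log records in the format quoted in the message above and reports every operation that was started on a connection but had no RESULT line when the connection closed, which is the pattern at conn=111 op=3. The sample lines are copied from the post with their mail wrapping; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Lines copied from the access log quoted in the post, mail wrapping included.
SAMPLE_LOG = """
[10/Sep/2006:17:02:51 +0300] conn=111 fd=67 slot=67 connection from
10.0.2.236 to 10.0.0.10
[10/Sep/2006:17:02:51 +0300] conn=111 op=2 BIND dn="" method=sasl
version=3 mech=GSSAPI
[10/Sep/2006:17:02:51 +0300] conn=111 op=2 RESULT err=0 tag=97
nentries=0 etime=0 dn="uid=foo,ou=people,dc=example,dc=com"
[10/Sep/2006:17:02:51 +0300] conn=111 op=3 SRCH
base="dc=example,dc=com" scope=2
filter="(&(objectClass=posixGroup)(cn=testGroup))" attrs=ALL
[10/Sep/2006:17:02:51 +0300] conn=111 op=3 fd=67 closed - B4
"""

RECORD = re.compile(r'^\[[^\]]+\]\s+conn=(\d+)\s+(?:op=(-?\d+)\s+)?(.*)$')
# Close records end in a code; the DS docs list B4 as "server failed to flush data response back to client".
CLOSED = re.compile(r'^fd=\d+\s+closed(?:\s+-\s+(\S+))?$')

def unwrap(text):
    """Rejoin records split by mail wrapping: only a real record starts with '['."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("[") or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def unanswered_ops(text):
    """Return (conn, op, verb, close_code) for each op still open at connection close."""
    pending = defaultdict(dict)  # conn -> {op: verb}
    findings = []
    for record in unwrap(text):
        m = RECORD.match(record)
        if not m:
            continue
        conn, op, rest = m.groups()
        closed = CLOSED.match(rest)
        if closed:
            findings += [(conn, o, v, closed.group(1)) for o, v in pending.pop(conn, {}).items()]
        elif rest.startswith("RESULT"):
            pending[conn].pop(op, None)
        elif op is not None and rest and rest.split()[0] not in ("UNBIND", "ABANDON"):
            pending[conn][op] = rest.split()[0]  # UNBIND/ABANDON never log a RESULT
    return findings

print(unanswered_ops(SAMPLE_LOG))
```

Run over a full access log, the output gives the connection, operation and close code to correlate with the client-side error and the error log.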
Re: [Fedora-directory-users] next release?
by Jo De Troy
Hi,
I'd be particularly interested in a 1.0.3 release on RHEL4 for i386.
Would it be possible in the new packaging to update only the
ldapserver and not, e.g., the dsgw?
And the other way around?
Kind Regards,
Jo
17 years, 2 months
Re: [Fedora-directory-users] next release?
by Jo De Troy
Hi,
I'd also like a 1.0.3 release which includes the ldappasswd_crash solution.
What's the status of the samba integration for password sync?
In the new packaging will the admin-server, etc. then be separate rpms?
Kind Regards,
Jo
17 years, 2 months