[Fedora-directory-users] problem with certificate
by Elisa Pellegrini
Hi!
I have a problem with a certificate.
I'm using FC6 and have installed FDS on it. I followed the guides "Obtaining and Installing Server Certificates" and "Enabling SSL in the Directory Server, Admin Server, and Console" using the console. Everything seems correct, but when I restart the Admin Server and Directory Server from the command line an error message appears and it is impossible for me to restart the server and console.
What is the problem? Can you help me?
Thanks!
16 years, 6 months
[Fedora-directory-users] netscape error
by Zahra Bahar
Hi all,
I installed fedora-ds-1.0.4-1 and j2re-1.4.2_16-fcs, but now when I want to connect to the console there is this error:
can not connect to the directory server:
netscape.ldap.LDAPException:error result(34);invalid DN; invalid DN syntax
What is wrong? What should I do?
Thanks
16 years, 6 months
[Fedora-directory-users] Problem with getting FDS and AD to sync
by Timothy Hunt
I've taken over control of an FDS and an AD server which had been set
up before I got to it. I'm still fairly new to LDAP and related
things. I come from a unix background rather than windows.
At some point, users put into FDS were replicated on the AD server
correctly. Subsequently, the flat "structure" of the users in FDS
was improved to be more hierarchical. However, new users added into
FDS are not being added into AD. I'm also not familiar enough with
AD to know where to see the OU structure that is present in FDS in
AD. I'm not even sure if AD would have that structure. I'm at a bit
of a loss as to how to start diagnosing where the problem is, let
alone fixing it.
I've looked at http://directory.fedoraproject.org/wiki/Howto:WindowsSync
but as that is focussed on setting it up initially,
I'm not sure how much of it applies.
Help on how to start solving this welcomed.
Timothy
16 years, 6 months
[Fedora-directory-users] Can't locate CSN in Multi-Master replica
by Dael Maselli
Hi all,
I have a multi-master setup configured with SSL authentication. It seemed
to work correctly, but at some point (I don't know when) it started giving me
errors and it doesn't work anymore.
When I try to do an update from A to B it works, but from B to A I get
this in the B log:
[26/Oct/2007:16:53:08 +0200] agmt="cn=B-A" (A:636) - Can't locate CSN 47220f50000000020000 in the changelog (DB rc=-30990). The consumer may need to be reinitialized.
The A log is:
[26/Oct/2007:16:47:09 +0200] conn=17 SSL 256-bit AES; client CN=B,L=Lecce,OU=Host,O=INFN,C=IT; issuer CN=INFN CA,O=INFN,C=IT
[26/Oct/2007:16:47:09 +0200] conn=17 SSL client bound as cn=B,cn=config
[26/Oct/2007:16:47:09 +0200] conn=17 op=0 BIND dn="" method=sasl version=3 mech=EXTERNAL
[26/Oct/2007:16:47:09 +0200] conn=17 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=B,cn=config"
[26/Oct/2007:16:47:09 +0200] conn=17 op=1 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension"
[26/Oct/2007:16:47:09 +0200] conn=17 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[26/Oct/2007:16:47:09 +0200] conn=17 op=2 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension"
[26/Oct/2007:16:47:09 +0200] conn=17 op=2 RESULT err=0 tag=101 nentries=1 etime=0
[26/Oct/2007:16:47:09 +0200] conn=17 op=3 EXT oid="2.16.840.1.113730.3.5.3" name="Netscape Replication Start Session"
[26/Oct/2007:16:47:09 +0200] conn=17 op=3 RESULT err=0 tag=120 nentries=0 etime=0
[26/Oct/2007:16:47:10 +0200] conn=17 op=4 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session"
[26/Oct/2007:16:47:10 +0200] conn=17 op=4 RESULT err=0 tag=120 nentries=0 etime=0
As you can see, there isn't a MOD line.
If I try to reinitialize A I get this error on B:
NSMMReplicationPlugin - replica_reload_ruv: Warning: new data for replica dc=infn,dc=it does not match the data in the changelog. Recreating the changelog file. This could affect replication with replica's consumers in which case the consumers should be reinitialized.
Then the parts are exchanged, and I can do updates from B to A but not from A to B.
I tried deleting the changelog as I read in the manual, and also tried
deleting and recreating all the replicas and agreements, but there was no way to get it to work!
Thank you!
Dael.
--
___________________________________________________________________
Dael Maselli --- INFN-LNF Computing Service -- +39.06.9403.2214
___________________________________________________________________
Democracy is two wolves and a lamb voting on what to have for lunch
___________________________________________________________________
16 years, 6 months
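Added example (not part of the original post): a Python sketch of the check done by eye on A's access log above. It pairs each "Netscape Replication Start Session" extended operation with its "End Session" on the same connection and counts the update operations logged in between. The sample lines are constructed in the format of the excerpt above; conn=18, its MOD and the uid=test entry are invented for contrast.

```python
import re

# Extended-operation OIDs exactly as they appear in the access log above.
REPL_START = "2.16.840.1.113730.3.5.3"   # Netscape Replication Start Session
REPL_END = "2.16.840.1.113730.3.5.5"     # Netscape Replication End Session
UPDATE_OPS = {"ADD", "MOD", "DEL", "MODRDN"}

LINE = re.compile(r"^\[([^\]]+)\] conn=(\d+) op=\d+ ([A-Z]+)\b(.*)$")
OID = re.compile(r'oid="([^"]+)"')

def audit_replication_sessions(lines):
    """Return one dict per replication session: conn, start, end, updates."""
    in_progress, finished = {}, []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # connection banners and wrapped text carry no op=
        ts, conn, verb, rest = m.group(1), int(m.group(2)), m.group(3), m.group(4)
        oid = OID.search(rest) if verb == "EXT" else None
        if oid and oid.group(1) == REPL_START:
            in_progress[conn] = {"conn": conn, "start": ts, "end": None, "updates": 0}
        elif oid and oid.group(1) == REPL_END and conn in in_progress:
            session = in_progress.pop(conn)
            session["end"] = ts
            finished.append(session)
        elif verb in UPDATE_OPS and conn in in_progress:
            in_progress[conn]["updates"] += 1
    # A session with no End Session (dropped connection) is still reported.
    return finished + list(in_progress.values())

# Constructed sample: conn=17 mirrors the excerpt above, conn=18 is invented.
SAMPLE = """\
[26/Oct/2007:16:47:09 +0200] conn=17 SSL 256-bit AES
[26/Oct/2007:16:47:09 +0200] conn=17 op=3 EXT oid="2.16.840.1.113730.3.5.3" name="Netscape Replication Start Session"
[26/Oct/2007:16:47:09 +0200] conn=17 op=3 RESULT err=0 tag=120 nentries=0 etime=0
[26/Oct/2007:16:47:10 +0200] conn=17 op=4 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session"
[26/Oct/2007:16:50:00 +0200] conn=18 op=3 EXT oid="2.16.840.1.113730.3.5.3" name="Netscape Replication Start Session"
[26/Oct/2007:16:50:00 +0200] conn=18 op=4 MOD dn="uid=test,dc=infn,dc=it"
[26/Oct/2007:16:50:01 +0200] conn=18 op=5 EXT oid="2.16.840.1.113730.3.5.5" name="Netscape Replication End Session"
"""

if __name__ == "__main__":
    for s in audit_replication_sessions(SAMPLE.splitlines()):
        status = "no updates sent" if s["updates"] == 0 else f'{s["updates"]} update(s)'
        print(f'conn={s["conn"]} {s["start"]} -> {s["end"]}: {status}')
```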
[Fedora-directory-users] Windows Sync only works one way
by Glenn
I set up a Windows Sync agreement between Fedora Directory and Windows NT,
but it only works one way. If I change the "description" attribute in FD and
click "Send and Receive Updates", nothing happens. If I click "Send and
Receive Updates" again, the description in FD is overwritten by the older
description in NT. If I change the description in NT, it is immediately
changed in FD. The same thing happens if I do a full resync. What possible
causes could result in this one-way sync behavior?
The one-way problem seems limited to our production NT server. I set up
replication on a test system, and it works correctly. Thanks for any
suggestions. -Glenn.
16 years, 6 months
[Fedora-directory-users] gentoo and web console
by Kirill Petrov
Hello everybody,
I installed FDS on Gentoo 2007.0 using the instructions provided at this
url:
http://gentoo-wiki.com/HOWTO_Install_Fedora_Directory_Server
I did everything according to the manual except that I installed apache
2.2.6 and had to modify httpd.conf to load cgid module instead of cgi
module.
In general everything seems to work but when I tried to use the web
console Fedora Administration Express
<http://ld.farheap.com:46406/admin-serv/tasks/configuration/HTMLAdmin?op=i...>
it gave me a blank screen with a message:
NMC_Status: 1 NMC_ErrType: NMC_ErrInfo: NMC_ErrDetail:
The organization charts functionality does not work either, it gives me:
Internal Server Error
The server encountered an internal error or misconfiguration and was
unable to complete your request.
Please contact the server administrator, [no address given] and inform
them of the time the error occurred, and anything you might have done
that may have caused the error.
More information about this error may be available in the server error log.
The logs have the following records:
Can't load '/opt/fedora-ds/lib/perl/arch/auto/Mozilla/LDAP/API/API.so' for module Mozilla::LDAP::API: libssl3.so: cannot open shared object file: No such file or directory at /usr/lib/perl5/5.8.8/i686-linux/DynaLoader.pm line 230.
at /opt/fedora-ds/lib/perl/Mozilla/LDAP/Utils.pm line 32
Compilation failed in require at /opt/fedora-ds/lib/perl/Mozilla/LDAP/Utils.pm line 32.
BEGIN failed--compilation aborted at /opt/fedora-ds/lib/perl/Mozilla/LDAP/Utils.pm line 32.
Compilation failed in require at /opt/fedora-ds/lib/perl/Mozilla/LDAP/Conn.pm line 36.
BEGIN failed--compilation aborted at /opt/fedora-ds/lib/perl/Mozilla/LDAP/Conn.pm line 36.
Compilation failed in require at /opt/fedora-ds/clients/orgchart/bin/org line 79.
BEGIN failed--compilation aborted at /opt/fedora-ds/clients/orgchart/bin/org line 79.
[Wed Oct 24 08:15:01 2007] [error] [client 192.168.11.10] Premature end of script headers: org, referer: http://ld:46406/clients/orgchart/html/topframe.html
Does anybody know how to install Fedora Directory Server properly on Gentoo?
thanks,
Kirill
16 years, 6 months
[Fedora-directory-users] mandated TLS connections
by John gray
---------- Forwarded message ----------
From: John gray <gnulinux9(a)googlemail.com>
Date: Oct 22, 2007 5:16 PM
Subject: mandated TLS connections
To: fedora-directory-users(a)redhat.com
Hi all,
I migrated from OpenLDAP to Red Hat Directory Server.
In OpenLDAP I mandated TLS connections,
i.e.:
[root@bjoshi ~]# ldapsearch -x -h 10.1.1.8 uid=bjoshi
ldap_bind: Confidentiality required (13)
additional info: TLS confidentiality required
[root@bjoshi ~]# ldapsearch -x -LL -ZZ -h 10.1.1.8 uid=bjoshi mail
version: 1
dn: uid=bjoshi,ou=people,dc=example,dc=com
mail: bjoshi(a)example.com
Below is the option in /etc/openldap/slapd.conf for enforcing this.
security ssf=128 update_ssf=128 simple_bind=128 update_tls=128 tls=128
On the RHDS machines TLS works, but it also allows plain text searches.
Can anyone suggest a configuration in RHDS to force TLS-only searches?
Also note that following the documentation below
http://directory.fedoraproject.org/wiki/Howto:SSL#Configure_LDAP_clients
and enabling
nsServerSecurity: on
does not solve the problem.
Only SSL is not an option.
Regards,
Bhargav
16 years, 6 months
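Added example (not part of the original post): while a server still accepts cleartext, its access log can show which clients rely on it. This Python sketch flags requests logged on a connection before that connection has logged an "SSL <bits>-bit <cipher>" marker, the form seen in the access log quoted in an earlier post on this page; the StartTLS request itself (OID 1.3.6.1.4.1.1466.20037) is exempt because it is necessarily sent in the clear. The sample lines and the client address 10.1.1.20 are constructed, and the assumption is that every encrypted connection logs such a marker.

```python
import re

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"
CONN = re.compile(r"^\[[^\]]+\] conn=(\d+) (.*)$")
TLS_MARK = re.compile(r"^(SSL|TLS\S*) \d+-bit ")   # e.g. "SSL 256-bit AES"
OP = re.compile(r"^op=(\d+) (BIND|SRCH|ADD|MOD|DEL|MODRDN|CMP|EXT)\b")

def cleartext_operations(lines):
    """Return (conn, op, verb) for every request logged before TLS was up."""
    encrypted, findings = set(), []
    for line in lines:
        m = CONN.match(line.strip())
        if not m:
            continue
        conn, rest = int(m.group(1)), m.group(2)
        if TLS_MARK.match(rest):
            encrypted.add(conn)      # everything after this line is protected
            continue
        op = OP.match(rest)
        if not op or conn in encrypted:
            continue                 # RESULT lines, banners, protected requests
        if op.group(2) == "EXT" and STARTTLS_OID in rest:
            continue                 # the upgrade request is always cleartext
        findings.append((conn, int(op.group(1)), op.group(2)))
    return findings

# Constructed sample: conn=30 never upgrades, conn=31 uses StartTLS first.
SAMPLE = """\
[22/Oct/2007:17:10:01 +0100] conn=30 fd=64 slot=64 connection from 10.1.1.20 to 10.1.1.8
[22/Oct/2007:17:10:01 +0100] conn=30 op=0 BIND dn="" method=128 version=3
[22/Oct/2007:17:10:01 +0100] conn=30 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[22/Oct/2007:17:10:01 +0100] conn=30 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(uid=bjoshi)" attrs=ALL
[22/Oct/2007:17:10:05 +0100] conn=31 fd=65 slot=65 connection from 10.1.1.20 to 10.1.1.8
[22/Oct/2007:17:10:05 +0100] conn=31 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[22/Oct/2007:17:10:05 +0100] conn=31 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[22/Oct/2007:17:10:05 +0100] conn=31 SSL 256-bit AES
[22/Oct/2007:17:10:05 +0100] conn=31 op=1 BIND dn="" method=128 version=3
[22/Oct/2007:17:10:05 +0100] conn=31 op=2 SRCH base="dc=example,dc=com" scope=2 filter="(uid=bjoshi)" attrs="mail"
"""

if __name__ == "__main__":
    for conn, op, verb in cleartext_operations(SAMPLE.splitlines()):
        print(f"cleartext {verb} on conn={conn} op={op}")
```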
[Fedora-directory-users] Samba schema
by Matthias Dieter Wallnöfer
Hi!
I asked myself many times why the Fedora Directory Server isn't bundled
with a schema for Samba 3. I think, this is nearly as important as the
RFC and Java schema, because many people use this software in
combination with Samba. So, is there a special reason why this wasn't
done yet?
Maybe a second step would be to write a Samba-Plugin for the management
console.
Matthias
16 years, 6 months
[Fedora-directory-users] Virtual Views problem
by Fabrice Durand
Hi,
I'm trying to understand what's wrong with my virtual views.
I've got an 'ou' where all my users are (ou=People,dc=test,dc=fr)
So I created virtual views with different ou entries, with objectclass: nsview and
with nsViewFilter: (something), like this:
dn: ou=entreprise,ou=annuaire,dc=test,dc=fr
modifytimestamp: 20071005102053Z
modifiersname: cn=directory manager
ou: Cap l'Orient
objectClass: organizationalUnit
objectClass: top
objectClass: nsview
creatorsname: cn=directory manager
createtimestamp: 20060130145928Z
nsuniqueid: fad66382-1dd111b2-8076e5f7-b3860000
parentid: 323
entryid: 324
entrydn: ou=entreprise,ou=annuaire,dc=test,dc=fr
numsubordinates: 8
subschemasubentry: cn=schema
hassubordinates: TRUE
dn: ou=Services Fonctionnels,ou=entreprise,ou=annuaire,dc=test,dc=fr
modifytimestamp: 20071008122956Z
modifiersname: cn=directory manager
nsViewFilter: (departmentnumber=DGSF*)
objectClass: organizationalUnit
objectClass: top
objectClass: nsview
ou: DG Services Fonctionnels
creatorsname: cn=directory manager
createtimestamp: 20060130145928Z
nsuniqueid: fad66383-1dd111b2-8076e5f7-b3860000
parentid: 324
entryid: 325
entrydn: ou=services fonctionnels,ou=entreprise,ou=annuaire,dc=test,dc=fr
numsubordinates: 3
subschemasubentry: cn=schema
hassubordinates: TRUE
dn: ou=Ressources Humaines,ou=Services Fonctionnels,ou=entreprise,ou=annuaire,dc=test,dc=fr
modifytimestamp: 20071005102032Z
modifiersname: cn=directory manager
nsViewFilter: (departmentnumber=DGSF-RH)
objectClass: organizationalUnit
objectClass: top
objectClass: nsview
ou: Ressources humaines
creatorsname: cn=directory manager
createtimestamp: 20060130145928Z
nsuniqueid: fad66384-1dd111b2-8076e5f7-b3860000
parentid: 325
entryid: 326
entrydn: ou=ressources humaines,ou=services fonctionnels,ou=entreprise,ou=annuaire,dc=test,dc=fr
numsubordinates: 0
subschemasubentry: cn=schema
hassubordinates: FALSE
....
The problem is that when I try to get the whole hierarchy with a Perl script or
with PHP under ou=entreprise,ou=annuaire,dc=test,dc=fr, FDS doesn't return
all the ou entries. (With phpldapadmin I can see the hierarchy.)
The Perl script I use to get the whole hierarchy:
use strict;
use warnings;
use Net::LDAP;
# Connect to the local directory server
my $ldup = Net::LDAP->new( '127.0.0.1' ) or die "$@";
my $masg = $ldup->bind;    # an anonymous bind
# Search the whole subtree below the view root for nsview entries
$masg = $ldup->search(
    base   => "ou=entreprise,ou=annuaire,dc=caplorient,dc=com",
    scope  => 'sub',
    filter => "(objectClass=nsview)"
);
$masg->code && die $masg->error;
# Print the DN and the ou value of every entry returned
foreach my $entry ($masg->entries)
{
    my $dn = $entry->dn();
    foreach my $attr ($entry->attributes)
    {
        if ($attr eq 'ou')
        {
            my $uid = $entry->get_value($attr);
            print $dn."\n";
            print $uid."\n";
        }
    }
}
$masg = $ldup->unbind;    # take down session
If anyone has had the same type of problem, thank you in advance for the
answer.
Fabrice
16 years, 6 months