[Fedora-directory-users] Testing FDS 1.1
by carlopmart
Hi all,
As fedora web says: "The code has been completed for the new features in
Fedora DS 1.1. Our focus now is on whittling down the bug list, testing, and
updating the documentation". From where can I download a test release??
Thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com
16 years, 6 months
[Fedora-directory-users] Windows Sync and displayname Attribute
by Glenn
We are trying to populate Active Directory using Fedora Directory and Windows
Sync. It works great if we make sure the FD data is in a format that AD will
accept. There is one hitch -- we need to fill the displayname attribute in
AD, since this will be used by our new Exchange address book. I tried adding
the "displayname" attribute to an FD user record, but it doesn't replicate to
AD, even after a full resync. Can anyone suggest how this could be done?
Thanks. -Glenn.
16 years, 6 months
[Fedora-directory-users] Automatically Full Re-syncronization Windows Synchronization agreement
by Fernando Muñoz
Hi,
I have installed FDS-1.0.4 with a Windows Synchronization agreement
against a Windows 2003 Domain Controller.
If the directory it's shutdown (stop or fallback), when I start it, I
have initiated Full Re-syncronization manually from console, because
appear this error-log:
[11/Oct/2007:14:02:08 +0200] NSMMReplicationPlugin -
agmt="cn=GRS_ppal-GRS_DA" (10:636): Replica has no update vector. It has
never been initialized.
Is it posible initialized automatically this agreement, with a special
attribute in the Synchronization agreement ldap entry? or in the init
script?
How?
I review the "CLI" and I don't find the attribute to initialized
automatically this agreement.
thanks,
16 years, 6 months
[Fedora-directory-users] AD with FDS with Dovecot
by Esteban Torres Rodriguez
I have installed my synchronous AD with FDS without no problem. The users I create all in AD. I want to install Postfix+Dovecot autenticando against FDS, but when I create a user in AD and synchronizes with FDS does not put the attributes to me to maildir, posixAccount, mailRecipient, etc... As I can solve this? If I synchronize of FDS to AD they appear to me? As I can modify the AD scheme? I need aid on this.
Excuse for my english.
Esteban Torres Rodríguez
ÁREA DE SOPORTE TÉCNICO - Administración de Servidores
Subdirección de Sistemas Informáticos
Empresa Pública Desarrollo Agrario y Pesquero,
email: etorres(a)dap.es
16 years, 6 months
[Fedora-directory-users] samba password change error
by Agnaldo Freitas
Hi everybody!
After several tips in relation to the correct way of configuring samba with Fedora-DS, everything was going well. But a few days a go, i was trying to configure the CUPS, and as it did not initiate then i tried to remove it, reinstall it, and to update it with the commands "yum remove cups*", "yum install cups" and "yum update cups*". Since then, i observed that the "password change"(syncronism) stopped to function with an old error message (you don't have permission to change the password).
Here, the passwords synchronization between samba and Fedora-DS only worked with "pam password":
It will be that someone can help me?
This is the configuration that functioned normally until i reinstalled the CUPS. (because, it is the only different thing that "i remember" i can have done).
/etc/samba/smb.conf
## Sincronizacao de senhas samba com Linux via windows
# ldap passwd sync = yes # here fails, i think it was because FDS doesn't have plugin for "pam_password exop" option.
pam password change = yes
unix password sync = Yes
passwd chat = *New*password* %n *Retype*new*password* %n *passwd:*all*authentication*tokens*updated*successfully*
passwd program = /usr/sbin/smbldap-passwd -u %u
obey pam restrictions = no
/etc/ldap.conf
base dc=sei,dc=intranet
host 192.168.2.3
rootbinddn cn=Directory Manager # It was my only problem in the past, i forgot this line!
timelimit 120
pam_lookup_policy yes
ssl no
pam_password crypt
/etc/nsswitch.conf
passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files ldap
rpc: files
services: files ldap
netgroup: files ldap
publickey: nisplus
automount: files ldap
aliases: files nisplus
/etc/openladap/ldap.conf
URI ldap://127.0.0.1/
BASE dc=sei,dc=intranet
/etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
account required pam_unix.so broken_shadow
account sufficient pam_succeed_if.so uid < 100 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account required pam_permit.so
password requisite pam_cracklib.so retry=3
password sufficient pam_unix.so md5 shadow nullok use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_deny.so
session required pam_limits.so
session required pam_unix.so
session optional pam_ldap.so
Grateful for your attention,
Agnaldo
16 years, 6 months
[Fedora-directory-users] DB Recovery Help?
by Greg Copeland
I have two LDAP servers operating in a replication mode. This morning I
found the replicated server is no longer running. I tried to restart it
and I get this in the logs/errors files. How do I recovery my database?
Fedora-Directory/1.0.2 B2006.060.1928
eng2.efjdfw.local:389 (/opt/fedora-ds/slapd-engldap2)
[11/Oct/2007:08:56:29 -0500] - Fedora-Directory/1.0.2 B2006.060.1928
starting up
[11/Oct/2007:08:56:29 -0500] - Detected Disorderly Shutdown last time
Directory Server was running, recovering database.
[11/Oct/2007:08:56:29 -0500] - libdb: Ignoring log file:
/opt/fedora-ds/slapd-engldap2/db/log.0000000137: magic number 0, not
40988
[11/Oct/2007:08:56:30 -0500] - libdb: Invalid log file: log.0000000137:
Invalid argument
[11/Oct/2007:08:56:30 -0500] - libdb: First log record not found
[11/Oct/2007:08:56:30 -0500] - libdb: PANIC: Invalid argument
[11/Oct/2007:08:56:30 -0500] - Database Recovery Process FAILED. The
database is not recoverable. err=-30978: DB_RUNRECOVERY: Fatal error,
run database recovery
[11/Oct/2007:08:56:30 -0500] - Please make sure there is enough disk
space for dbcache (10485760 bytes) and db region files
[11/Oct/2007:08:56:30 -0500] - start: Failed to init database,
err=-30978 DB_RUNRECOVERY: Fatal error, run database recovery
[11/Oct/2007:08:56:30 -0500] - Failed to start database plugin ldbm
database
[11/Oct/2007:08:56:30 -0500] - WARNING: ldbm instance userRoot already
exists
[11/Oct/2007:08:56:30 -0500] binder-based resource limits -
nsLookThroughLimit: parameter error (slapi_reslimit_register() already
registered)
[11/Oct/2007:08:56:30 -0500] - start: Resource limit registration failed
[11/Oct/2007:08:56:30 -0500] - Failed to start database plugin ldbm
database
[11/Oct/2007:08:56:30 -0500] - Error: Failed to resolve plugin
dependencies
[11/Oct/2007:08:56:30 -0500] - Error: preoperation plugin 7-bit check is
not started
[11/Oct/2007:08:56:30 -0500] - Error: accesscontrol plugin ACL Plugin is
not started
[11/Oct/2007:08:56:30 -0500] - Error: preoperation plugin ACL
preoperation is not started
[11/Oct/2007:08:56:30 -0500] - Error: postoperation plugin Class of
Service is not started
[11/Oct/2007:08:56:30 -0500] - Error: preoperation plugin HTTP Client is
not started
[11/Oct/2007:08:56:30 -0500] - Error: database plugin ldbm database is
not started
[11/Oct/2007:08:56:30 -0500] - Error: object plugin Legacy Replication
Plugin is not started
[11/Oct/2007:08:56:30 -0500] - Error: object plugin Multimaster
Replication Plugin is not started
[11/Oct/2007:08:56:30 -0500] - Error: preoperation plugin Pass Through
Authentication is not started
[11/Oct/2007:08:56:30 -0500] - Error: postoperation plugin referential
integrity postoperation is not started
[11/Oct/2007:08:56:30 -0500] - Error: postoperation plugin Roles Plugin
is not started
[11/Oct/2007:08:56:30 -0500] - Error: object plugin Views is not started
Best Regards,
Greg Copeland
16 years, 6 months
[Fedora-directory-users] Howto issue Fedora-ds with an Microsoft Active Directory Enterprise Certificate
by Anthony Giggins
Can anyone tell me how I issue my Fedora-ds with a Microsoft Active
Directory Enterprise Certificate Authority?
As suggested in
http://directory.fedoraproject.org/wiki/Howto:WindowsSync#Enabling_SSL_W
ith_Fedora_Directory_Server
Note: Its always better to use the same Certificate Authority to
issue certificates to both Fedora Directory Server and Active Directory
to minimize any trust issues that might occur.
I already have my Microsoft Enterprise Certificate Authority imported
into CA Certs in Fedora Management Console but how can I create a server
certificate for my fedora directory server from my Microsoft Enterprise
Certificate Authority so both Active Directory SSL LDAP & FDS SSL LDAP
are using the same Certificate Authority?
Regards,
Anthony Giggins
16 years, 6 months
[Fedora-directory-users] Error 12 on sorted queries
by Scott Lacy
I'm still a little new at this, so hopefully this isn't a FAQ question,
but I am having issues with sorted queries. Single-user queries, and
queries without sorts seem to go fine, but I get error 12 (unavailable
critical extension) trying to do sorted queries, and returns zero
results when it should return five.
Log is below. Any idea? This is probably something I have to set up
somewhere, but I can't find anything in Google...
[10/Oct/2007:14:16:12 -0400] conn=49 fd=86 slot=86 connection from
a.b.c.d to e.f.g.h
[10/Oct/2007:14:16:12 -0400] conn=49 op=0 BIND dn="" method=128 version=3
[10/Oct/2007:14:16:12 -0400] conn=49 op=0 RESULT err=0 tag=97 nentries=0
etime=0 dn=""
[10/Oct/2007:14:16:12 -0400] conn=49 op=1 SRCH base="o=Mercer
University" scope=2 filter="(&(departmentNumber=Art)(school=College of
Liberal Arts))" attrs="a bunch of attributes here...."
[10/Oct/2007:14:16:12 -0400] conn=49 op=1 SORT sn givenName (*)
[10/Oct/2007:14:16:12 -0400] conn=49 op=1 RESULT err=12 tag=101
nentries=0 etime=0 notes=U
Thanks,
Scott
16 years, 6 months
[Fedora-directory-users] ldapmodify and Fedora DS migration
by Scott Lacy
All,
I am migrating an LDAP server off of Netscape I-Planet to Fedora
Directory Server 1.0.4. I am having some issues with ldapmodify in that
the command that worked in I-Planet 5.0 to do adds, modifiess, and
deletes from the same run doesn't seem to work in Fedora DS.
With I-Planet:
ldapmodify -a -c -D "cn=Directory Manager" -w xxxxx -f updates.ldif
would take updates.ldif and do the adds, modifies, and deletions that
were in the ldif all in one run.
However, to do the same thing in Fedora DS, I find that I am having to do:
ldapmodify -c -x -D "cn=Directory Manager" -w xxxxx -f updates.ldif
and then
ldapmodify -a -c -x -D "cn=Directory Manager" -w xxxxx -f updates.ldif
So I guess I wondering if there is a way to get one iteration of
ldapmodify to handle changes, adds, and deletes as the I-Planet version
did.
Thanks!
16 years, 6 months
