[Fedora-directory-users] howto delete ldbm database ?
by PaLo
I'm using fedora-ds-1.0.4-1.RHEL4 I have created a LDBM database for a new
tree in LDAP and now I´m trying to delete it. I have recursively deleted
the entrys:
cn=mydatabase, cn=ldbm database, cn=plugins, cn=config
cn=mybasedn_of_mydatabase, cn=mapping tree, cn=config
This operation has removed the tree in LDAP, but I need to delete de DB
files located in /opt/fedora-ds/slapd-myinstance/db/mydatabase
¿How can I safely remove this files?
THANKS
16 years, 6 months
[Fedora-directory-users] Error Logging Performance
by Roman RATHLER
Hi,
If I activate error logging for ACL Control Summary or similar, the machine
totaly goes into IO-Wait. It just writes maybe 100K/second but is totaly
unusable any more... From normal 1% CPU Load (on a 2 Way Xeon) it moves to
200% CPU Utilization.
Debugging ACLs therefore is nearly impossible on a productive system...
We run the Fedora-DS 1.0.4 (fedora-ds-1.0.4-1.RHEL4) on an up2date CentOS
System... Is there any perfomance tuning option like with the log-buffering
for access log. I can't see, why logging kills the machine!
cheers.roman
16 years, 6 months
[Fedora-directory-users] error loading startconsole
by jhon choptieso
Greetings.
After of installation and configuration of fedora-ds, i have errors
loading the console, here the log:
[root@ds1 fedora-ds]# ./startconsole -u admin http://ds1.foo.com:9999/
Exception in thread "main" java.lang.UnsupportedClassVersionError:
com/netscape/management/client/console/Console (Unsupported
major.minor version 49.0)
at java.lang.ClassLoader.defineClass0(Native Method)
at java.lang.ClassLoader.defineClass(Unknown Source)
at java.security.SecureClassLoader.defineClass(Unknown Source)
at java.net.URLClassLoader.defineClass(Unknown Source)
at java.net.URLClassLoader.access$100(Unknown Source)
at java.net.URLClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClassInternal(Unknown Source)
i have the last sun jre.
--
jhon choptieso
16 years, 6 months
[Fedora-directory-users] RE: Fedora-directory-users Digest, Vol 29, Issue 5
by Clementous Clement
Richard,
I'm trying to use Netgroups to employ control access to groups of hosts
to groups of users just as with NIS. I've searched the web for decent
example to create the netgroup containter within FDS, but haven't
discovered any.
=-Clem
-----Original Message-----
From: fedora-directory-users-bounces(a)redhat.com
[mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of
fedora-directory-users-request(a)redhat.com
Sent: Thursday, October 04, 2007 9:00 AM
To: fedora-directory-users(a)redhat.com
Subject: Fedora-directory-users Digest, Vol 29, Issue 5
Send Fedora-directory-users mailing list submissions to
fedora-directory-users(a)redhat.com
To subscribe or unsubscribe via the World Wide Web, visit
https://www.redhat.com/mailman/listinfo/fedora-directory-users
or, via email, send a message with subject or body 'help' to
fedora-directory-users-request(a)redhat.com
You can reach the person managing the list at
fedora-directory-users-owner(a)redhat.com
When replying, please edit your Subject line so it is more specific than
"Re: Contents of Fedora-directory-users digest..."
Today's Topics:
1. Re: nss_ldap cannot authenticate vs FDS (Peter Santiago)
2. Re: problem with SSL and load balance (Enrico M. V. Fasanelli)
3. linux authentication though ds (lance raymond)
4. RE: problem with SSL and load balance (Richard Hesse)
5. Re: problem with SSL and load balance (Jazcek Braden)
6. Re: linux authentication though ds (Marc Sauton)
7. Re: problem with SSL and load balance (Marc Sauton)
8. Re: problem with SSL and load balance (Marc Sauton)
9. Fedora-DS/netgroup configuration (Clementous Clement)
10. Re: Fedora-DS/netgroup configuration (Steve Rigler)
11. Re: RedHat 4/Fedora-DS - SSL Cert DB not readable? (Glenn)
----------------------------------------------------------------------
Message: 1
Date: Thu, 04 Oct 2007 00:08:05 +0800
From: Peter Santiago <peters(a)psinergybbs.com>
Subject: Re: [Fedora-directory-users] nss_ldap cannot authenticate vs
FDS
To: "General discussion list for the Fedora Directory server project."
<fedora-directory-users(a)redhat.com>, Steve Rigler
<srigler(a)marathonoil.com>
Message-ID: <20071004000805.w0m9bmxk6cws4sk0(a)webmail.psinergybbs.com>
Content-Type: text/plain; charset="iso-8859-1"
Skipped content of type multipart/alternative-------------- next part
-------------- A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3051 bytes
Desc: S/MIME Cryptographic Signature
Url :
https://www.redhat.com/archives/fedora-directory-users/attachments/20071
004/cd9c6979/smime.bin
------------------------------
Message: 2
Date: Wed, 03 Oct 2007 19:49:56 +0200
From: "Enrico M. V. Fasanelli" <Enrico.M.V.Fasanelli(a)le.infn.it>
Subject: Re: [Fedora-directory-users] problem with SSL and load
balance
To: "General discussion list for the Fedora Directory server project."
<fedora-directory-users(a)redhat.com>
Message-ID: <4703D644.9020608(a)le.infn.it>
Content-Type: text/plain; charset="iso-8859-1"
Hi Victor,
have you tried with a certificate that contains the alternate name of
the server?
Something like
X509v3 Subject Alternative Name: DNS:fds.mydomain.com,
DNS:fds1.mydomain.com
Ciao,
Enrico
Victor Hugo dos Santos wrote:
> Hello List,
>
> I have the same problem that Alex Aka in Apr 2006
>
http://www.redhat.com/archives/fedora-directory-users/2006-April/msg0002
2.html
>
> I have two FDS (fds1 and fds2) in MMR
>
> in the DNS I create this machines
>
> fds1 IN A 10.0.0.11
> fds2 IN A 10.0.0.12
> fds IN A 10.0.0.11
> fds IN A 10.0.0.12
>
> in the clients, I configure the ldap.conf with this parameters:
>
> BASE dc=mydomain,dc=com
> URI ldap://fds.mydomain.com
>
> this configuration work very,very fine !!!! exist replication between
> servers and fault tolerance in the clients.. but i enable SSL in
> server and in the clients (ldap.conf)
>
>
> BASE dc=mydomain,dc=com
> URI ldaps://fds.mydomain.com
> TLS_CACERT /etc/ssl/certs/cacert.org.pem
> TLS_REQCERT allow
>
> and "no" work !!! :-( i receive this error:
>
> ldap_bind: Can't contact LDAP server (-1)
>
> additional info: TLS: hostname does not match CN in peer certificate
>
> this problem, is derivate that i configured the servers with one
> certificate and distinct CN for independent serves (fds1 and fds2)...
>
> if I config one same certificate with same CN (fds) for both nodes
> (fds1 and fds2).. work fine in the clients, but the replication dont
> work !!! :-(
>
> obs.: my certificates is sign in http://cacert.org
>
> any idea or suggestion ???
>
> thanks
>
>
--
Pochi conoscono cio' che ha veramente scoperto Einstein:
quando mangiamo spaghetti, in effetti stiamo masticando
un concentrato di Spazio-Tempo.
(Antonino Zichichi)
16 years, 6 months
[Fedora-directory-users] problem with SSL and load balance
by Victor Hugo dos Santos
Hello List,
I have the same problem that Alex Aka in Apr 2006
http://www.redhat.com/archives/fedora-directory-users/2006-April/msg00022...
I have two FDS (fds1 and fds2) in MMR
in the DNS I create this machines
fds1 IN A 10.0.0.11
fds2 IN A 10.0.0.12
fds IN A 10.0.0.11
fds IN A 10.0.0.12
in the clients, I configure the ldap.conf with this parameters:
BASE dc=mydomain,dc=com
URI ldap://fds.mydomain.com
this configuration work very,very fine !!!! exist replication between
servers and fault tolerance in the clients.. but i enable SSL in
server and in the clients (ldap.conf)
BASE dc=mydomain,dc=com
URI ldaps://fds.mydomain.com
TLS_CACERT /etc/ssl/certs/cacert.org.pem
TLS_REQCERT allow
and "no" work !!! :-( i receive this error:
ldap_bind: Can't contact LDAP server (-1)
additional info: TLS: hostname does not match CN in peer certificate
this problem, is derivate that i configured the servers with one
certificate and distinct CN for independent serves (fds1 and fds2)...
if I config one same certificate with same CN (fds) for both nodes
(fds1 and fds2).. work fine in the clients, but the replication dont
work !!! :-(
obs.: my certificates is sign in http://cacert.org
any idea or suggestion ???
thanks
--
--
Victor Hugo dos Santos
Linux Counter #224399
16 years, 6 months
[Fedora-directory-users] Samba - Fedora DS password update
by Alan Orlič Belšak
Hello,
one question, is there a way to update both Samba and LDAP passwords at
same time? I don't know what I'm doing wrong but whatever I do I'm able
to update only Samba password. Because Samba an LDAP are both on same
server I really don't like to install extra SSL/TLS. Here is Samba
config. Also, why I newer get the password chat window as is defined in
Samba?
Alan
Samba config:
[global]
workgroup = ZDL
security = user
netbios name=pdc
passdb backend = ldapsam:ldap://pdc.zd-lj.lan
ldap admin dn = "cn=Directory Manager"
ldap suffix = dc=zd-lj,dc=lan
ldap user suffix = ou=People
ldap machine suffix = ou=Computers
ldap group suffix = ou=Groups
log file = /var/log/samba/%m.log
log level = 2
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
os level = 66
domain logons = yes
domain master = yes
local master = yes
preferred master = yes
wins support = yes
idmap uid = 15000-20000
idmap gid = 15000-20000
passwd program = /opt/IDEALX/sbin/smbldap-passwd %u
passwd chat = *old*password* %o\n *new*password* %n\n *new*password*
%n\n *changed*
#passwd chat timeout = 2
ldap passwd sync = no
password server = PDC
unix password sync = yes
passwd chat debug = yes
encrypt passwords = yes
...
16 years, 6 months
[Fedora-directory-users] Roles, Groups and Samba
by denmat
Hi List,
I am in the process of testing Fedora DS with a Samba installation on
Fedora Core 7 (fedora-ds-1.0.4-1, samba-3.0.26a-0).
As a general question, what has been the experience people have had
with their installations of it?
How have people dealt with Groups and Roles in relation to Samba?
Especially in relation to samba Domain group mappings (Domain Admins,
users, etc).
Also has anyone used the CoS to share directories (both in samba and
nfs automounts) as attributes in user DNs?
Any handy doco people can point me to?
Regards,
Denmat
16 years, 6 months
[Fedora-directory-users] RedHat 4/Fedora-DS - SSL Cert DB not readable?
by Travis
Hi,
We're preparing to upgrade from the initial DS release to 1.0.4-1 on our
RHEL4 servers. In testing, we've hit a brick wall while trying to set
up SSL. We can install the server just fine, but when clicking on
"Manage Certificates" in the console we get the following:
could not open file slapd-$hostname-cert8.db
We get the same type of error when trying to manage the admin server
certs.
This is a completely fresh install, and we've double checked file
ownership, so permissions are not an issue. After working on this for a
while, I tried installing the FC6 rpm on my FC6 desktop with the same
settings and JVM, which worked just fine...so its something specific
about the RHEL4 version or its dependencies.
I found one other post about this kind of issue (From Nov 2006 by Graham
Leggett), but I never saw a solution. I have even tried initializing
the DBs by hand with certutil, but this does not appear to make a
difference.
Any advice?
Thanks,
Travis
16 years, 6 months
