[Fedora-directory-users] New Replication Agreement Error
by Jared B. Griffith
I am getting the following error when trying to create a replication agreement for a 2nd slave only server.
NSMMReplicationPlugin - agmtlist_add_callback: Can't start agreement "cn=garryldap,cn=replica,cn=dc=farheap\,dc=com,cn=mapping tree,cn=config"
I currently have 2 master servers and 1 slave server. We want to put a slave server at each building location; however, when trying to create a new replication agreement for our newest slave server, I get the aforementioned error. I was wondering if anyone else has run into this, as my googling did not return many results at all.
On the other Master server I am able to create the replication agreement without any problems at all.
--
- Thank you,
- Jared B. Griffith
- Farheap Solutions, Inc.
- Lead Systems Administrator
- California IT Department
- Email - jared.griffith(a)farheap.com
- Phone - 949.417.1500 ext. 266
- Cell Phone - 949.910.6542
16 years, 5 months
[Fedora-directory-users] nsds5task
by James
Does anyone know much about the attribute nsds5task under
cn=replica,cn="m-suffix",cn=mapping tree,cn=config ?
I have a system with multiple directory servers using multi-master replication
which has 2 suppliers and 3 dedicated consumers. The system receives a large
amount of updates in a batch run at night. The problem I'm experiencing is
that if I point the batch run at one of the 2 suppliers, it runs considerably
slower than the other supplier (30-50%). The only difference I can find
between these two suppliers (other than some expected differences) is this
one attribute, whose value is set to "CL2LDIF" on the slow server, and the
attribute is not set on the other.
From the very small amount of information I've found on this attribute, it
appears that it causes the directory server to dump its changelogs. Should
this attribute be set to "CL2LDIF" on one server constantly, but not be set
at all on the other? Might this setting be causing one slow server? If so,
how can I fix this situation?
Any help would be greatly appreciated.
Thanks,
~James
--
James Bushey
Software Engineer
Soleo Communications
(585) 641-4300 x0050
16 years, 5 months
[Fedora-directory-users] Fedora-DS with Xp Clients having Network Mapped drives
by Dane Shea
Hi, I am trying to run an FDS server with Windows XP clients. Currently I am able to log in with pGina on the Windows XP Pro machines, but now I want to automount a personal drive every time a user logs in. Is this possible, or am I touching unknown territory between Linux and XP clients?
If it is possible, what should I search for and what applications/programs should I use on both the client and server?
If it isn't possible, what should I do to make it possible? Different directory server, different authentication program, different server OS?
--
Thanks
Dane Shea
16 years, 5 months
[Fedora-directory-users] Ldap user login problem in solaris 10
by Imtiaz Ahmed
Hi,
*I can't log in to Solaris 10 as an LDAP user*. I have installed Red Hat 7.1 DS and
it's working fine with HP-UX and Linux.
I created a user named *ldaptst* under ou=profile,dc=test,dc=com,dc=bd
LDAP Client=Solaris 10
LDAP Server=HP-UX 11.23 (Red Hat DS 7.1)
Solaris 10
bash-3.00# more ldap_client_cred
#
# Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
#
NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=test,dc=com,dc=bd
NS_LDAP_BINDPASSWD= {NS1}f8670fc15443505d
bash-3.00# more ldap_client_file
#
# Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
#
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= 10.10.96.114
NS_LDAP_SEARCH_BASEDN= dc=test,dc=com,dc=bd
NS_LDAP_AUTH= simple
NS_LDAP_SEARCH_REF= FALSE
NS_LDAP_SEARCH_SCOPE= sub
NS_LDAP_SEARCH_TIME= 30
NS_LDAP_SERVER_PREF= 10.10.96.114
NS_LDAP_CACHETTL= 43200
NS_LDAP_PROFILE= default
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=profile,dc=test,dc=com,dc=bd?sub
NS_LDAP_SERVICE_SEARCH_DESC= group:ou=profile,dc=test,dc=com,dc=bd?sub
NS_LDAP_BIND_TIME= 10
bash-3.00#
################
bash-3.00# ldaplist -l passwd
dn: uid=ldaptst,ou=profile,dc=test,dc=com,dc=bd
objectClass: posixAccount
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
gidNumber: 65534
givenName: ldap
sn: Only
displayName: LDAP Test
uid: ldaptst
homeDirectory: /export/home
loginShell: /bin/ksh
cn: LDAP Test
uidNumber: 16954
bash-3.00#
################################
#
# /etc/nsswitch.ldap:
#
# An example file that could be copied over to /etc/nsswitch.conf; it
# uses LDAP in conjunction with files.
#
# "hosts:" and "services:" in this file are used only if the
# /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.
# LDAP service requires that svc:/network/ldap/client:default be enabled
# and online.
# the following two lines obviate the "+" entry in /etc/passwd and /etc/group.
passwd: files ldap
group: files ldap
# consult /etc "files" only if ldap is down.
hosts: files dns
# Note that IPv4 addresses are searched for in all of the ipnodes databases
# before searching the hosts databases.
ipnodes: files
networks: files
protocols: files
rpc: files
ethers: files
netmasks: files
bootparams: files
publickey: files
netgroup: files
automount: files
aliases: files
# for efficient getservbyname() avoid ldap
services: files
printers: user files
auth_attr: files
prof_attr: files
project: files
####################/etc/pam.conf#########
# login service (explicit because of pam_dial_auth)
#
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth required pam_unix_cred.so.1
#login auth required pam_unix_auth.so.1
login auth required pam_dial_auth.so.1
login auth binding pam_unix_auth.so.1 server_policy
login auth required pam_ldap.so.1
#
#
# rlogin service (explicit because of pam_rhost_auth)
#
rlogin auth sufficient pam_rhosts_auth.so.1
rlogin auth requisite pam_authtok_get.so.1
rlogin auth required pam_dhkeys.so.1
rlogin auth required pam_unix_cred.so.1
#rlogin auth required pam_unix_auth.so.1
rlogin auth binding pam_unix_auth.so.1 server_policy
rlogin auth required pam_ldap.so.1
#
# Kerberized rlogin service
#
krlogin auth required pam_unix_cred.so.1
krlogin auth binding pam_krb5.so.1
krlogin auth required pam_unix_auth.so.1
#
# rsh service (explicit because of pam_rhost_auth,
# and pam_unix_auth for meaningful pam_setcred)
#
rsh auth sufficient pam_rhosts_auth.so.1
rsh auth required pam_unix_cred.so.1
rsh auth binding pam_unix_auth.so.1 server_policy
rsh auth required pam_ldap.so.1
#
# Kerberized rsh service
#
krsh auth required pam_unix_cred.so.1
krsh auth binding pam_krb5.so.1
krsh auth required pam_unix_auth.so.1
#
# Kerberized telnet service
#
ktelnet auth required pam_unix_cred.so.1
ktelnet auth binding pam_krb5.so.1
ktelnet auth required pam_unix_auth.so.1
#
# PPP service (explicit because of pam_dial_auth)
#
ppp auth requisite pam_authtok_get.so.1
ppp auth required pam_dhkeys.so.1
#ppp auth required pam_unix_cred.so.1
ppp auth required pam_dial_auth.so.1
#ppp auth required pam_unix_auth.so.1
ppp auth binding pam_unix_auth.so.1 server_policy
ppp auth required pam_ldap.so.1
#
# Default definitions for Authentication management
# Used when service name is not explicitly mentioned for authentication
#
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth required pam_unix_cred.so.1
#other auth required pam_unix_auth.so.1
other auth binding pam_unix_auth.so.1 server_policy
other auth required pam_ldap.so.1
#
# passwd command (explicit because of a different authentication module)
#
#passwd auth required pam_passwd_auth.so.1
passwd auth binding pam_passwd_auth.so.1 server_policy
passwd auth required pam_ldap.so.1
#
# cron service (explicit because of non-usage of pam_roles.so.1)
#
cron account required pam_unix_account.so.1
#
# Default definition for Account management
# Used when service name is not explicitly mentioned for account management
#
other account requisite pam_roles.so.1
#other account required pam_unix_account.so.1
other account binding pam_unix_account.so.1 server_policy
other account required pam_ldap.so.1
# Default definition for Session management
# Used when service name is not explicitly mentioned for session management
#
other session required pam_unix_session.so.1
#
# Default definition for Password management
# Used when service name is not explicitly mentioned for password management
#
other password required pam_dhkeys.so.1
other password requisite pam_authtok_get.so.1
other password requisite pam_authtok_check.so.1
#other password required pam_authtok_store.so.1
other password required pam_authtok_store.so.1 server_policy
#
# Support for Kerberos V5 authentication and example configurations can
# be found in the pam_krb5(5) man page under the "EXAMPLES" section.
#
######################################### Access LOG from Server###########
[21/Nov/2007:10:32:07 +0600] conn=1576076 op=1 SRCH base="ou=profile,dc=test,dc=com,dc=bd" scope=2 filter="(&(objectClass=shadowAccount)(uid=ldaptst))" attrs="uid userPassword shadowFlag"
[21/Nov/2007:10:32:10 +0600] conn=1576077 op=1 SRCH base="ou=profile,dc=test,dc=com,dc=bd" scope=2 filter="(&(objectClass=posixAccount)(uid=ldaptst))" attrs="cn uid uidNumber gidNumber gecos description homeDirectory loginShell"
[21/Nov/2007:10:32:10 +0600] conn=1576078 op=1 SRCH base="ou=profile,dc=test,dc=com,dc=bd" scope=2 filter="(&(objectClass=shadowAccount)(uid=ldaptst))" attrs="uid userPassword shadowFlag"
[21/Nov/2007:10:32:10 +0600] conn=1576079 op=1 SRCH base="ou=profile,dc=test,dc=com,dc=bd" scope=2 filter="(&(objectClass=posixAccount)(uid=ldaptst))" attrs="cn uid uidNumber gidNumber gecos description homeDirectory loginShell"
[21/Nov/2007:10:32:10 +0600] conn=1576080 op=1 SRCH base="ou=profile,dc=test,dc=com,dc=bd" scope=2 filter="(&(objectClass=shadowAccount)(uid=ldaptst))" attrs="uid userPassword shadowFlag"
[21/Nov/2007:10:32:10 +0600] conn=1576081 op=1 SRCH base="ou=profile,dc=test,dc=com,dc=bd" scope=2 filter="(&(objectClass=posixAccount)(uid=ldaptst))" attrs=ALL
[21/Nov/2007:10:32:10 +0600] conn=1576082 op=0 BIND dn="uid=ldaptst,ou=profile,dc=test,dc=com,dc=bd" method=128 version=3
######################################
bash-3.00# ldapclient -v init -a profileName=default -a proxyDN=cn=proxyagent,ou=profile,dc=test,dc=com,dc=bd -a proxyPassword=Dm123456 10.10.96.114:389
Parsing profileName=default
Parsing proxyDN=cn=proxyagent,ou=profile,dc=test,dc=com,dc=bd
Parsing proxyPassword=Dm123456
Arguments parsed:
proxyDN: cn=proxyagent,ou=profile,dc=test,dc=com,dc=bd
profileName: default
proxyPassword: Dm123456
defaultServerList: 10.10.96.114:389
Handling init option
About to configure machine by downloading a profile
findBaseDN: begins
findBaseDN: ldap not running
findBaseDN: calling __ns_ldap_default_config()
found 2 namingcontexts
findBaseDN: __ns_ldap_list(NULL, "(&(objectclass=nisDomainObject)(nisdomain=
test.com.bd))"
rootDN[0] dc=test,dc=com,dc=bd
found baseDN dc=test,dc=com,dc=bd for domain test.com.bd
Proxy DN: cn=proxyagent,ou=profile,dc=test,dc=com,dc=bd
Proxy password: {NS1}f8670fc15443505d
Credential level: 1
Authentication method: 1
About to modify this machines configuration by writing the files
Stopping network services
Stopping sendmail
stop: sleep 100000 microseconds
stop: network/smtp:sendmail... success
Stopping nscd
stop: sleep 100000 microseconds
stop: system/name-service-cache:default... success
Stopping autofs
stop: sleep 100000 microseconds
stop: sleep 200000 microseconds
stop: sleep 400000 microseconds
stop: sleep 800000 microseconds
stop: sleep 1600000 microseconds
stop: sleep 3200000 microseconds
stop: system/filesystem/autofs:default... success
ldap not running
nisd not running
nis(yp) not running
file_backup: stat(/etc/nsswitch.conf)=0
file_backup: (/etc/nsswitch.conf -> /var/ldap/restore/nsswitch.conf)
file_backup: stat(/etc/defaultdomain)=0
file_backup: (/etc/defaultdomain -> /var/ldap/restore/defaultdomain)
file_backup: stat(/var/nis/NIS_COLD_START)=-1
file_backup: No /var/nis/NIS_COLD_START file.
file_backup: nis domain is "test.com.bd"
file_backup: stat(/var/yp/binding/test.com.bd)=-1
file_backup: No /var/yp/binding/test.com.bd directory.
file_backup: stat(/var/ldap/ldap_client_file)=-1
file_backup: No /var/ldap/ldap_client_file file.
Starting network services
start: /usr/bin/domainname test.com.bd... success
start: sleep 100000 microseconds
start: network/ldap/client:default... success
start: sleep 100000 microseconds
start: system/filesystem/autofs:default... success
start: sleep 100000 microseconds
start: system/name-service-cache:default... success
start: sleep 100000 microseconds
start: network/smtp:sendmail... success
restart: sleep 100000 microseconds
restart: milestone/name-services:default... success
System successfully configured
bash-3.00#
######################333
regards
Imtiaz
16 years, 5 months
[Fedora-directory-users] pb.conf and an intranet.
by Matt Wells
Does anyone know how I can use my intranet to query my Directory
Server? I have the pb.conf file but the admin-serv interface is not
permitted on my server.
We only permit the normal 389 lookups.
What I would like is for my intranet on server1 to query with pb.conf
to server2 and get the information.?.?
16 years, 5 months
[Fedora-directory-users] user self-service
by Andrew Jennings
Hi All
I'm looking for a feature that would allow users to reset their
passwords or recover from forgotten passwords through a GUI. I can't
find a reference to anything like it in the docs.
Andy
16 years, 5 months
[Fedora-directory-users] Ivan Ferreira is out of the office.
by Ivan Ferreira
I will be out of the office from 24/11/2007 and will not return until
02/12/2007.
I will reply to your message when I return.
========================================================================================
This information is private and confidential and intended for the recipient
only. If you are not the intended recipient of this message you are hereby
notified that any review, dissemination, distribution or copying of this
message is strictly prohibited. This communication is for information
purposes only and shall not be regarded neither as a proposal, acceptance
nor as a statement of will or official statement from NUCLEO S.A. . Email
transmission cannot be guaranteed to be secure or error-free. Therefore,
we do not represent that this information is complete or accurate and it
should not be relied upon as such. All information is subject to change
without notice.
16 years, 5 months
[Fedora-directory-users] Account Inactive Attribute
by Jared B. Griffith
Is it possible from the command line to search for whether or not a particular user is Active or Inactive? If so, does anyone know what the attribute is?
--
- Thank you,
- Jared B. Griffith
- Farheap Solutions, Inc.
- Lead Systems Administrator
- California IT Department
- Email - jared.griffith(a)farheap.com
- Phone - 949.417.1500 ext. 266
- Cell Phone - 949.910.6542
16 years, 5 months