[Fedora-directory-users] FDS, pGina and Windows
by Jim Uriarte
I am trying to setup FDS to handle the bulk of authentication for my
company. I have been able to sucessfully authenticate users from
windows against fds using pgina with the ldapauth plugin. However, I
need to be able to restrict access to certain devices based on
presumably, group membership, and also grant adminstrator rights in
windows for specific users in fds based on their group membership. From
what I have been reading, the ldapauth plugin for pgina requires the
attribute "groupMembership" to exist and be appropriately populated. I
have not been able to figure out how to add this attribute to my user
nor find any other way to do any access control in windows.
Jim Uriarte
Linux Systems Administrator
BlooSky
16 years, 3 months
[Fedora-directory-users] Recommend architecture
by Beatriz Duran
In your opinion, which servers are the most recommendable for running a directory of 2 millions of registers? This directory will be used to validate user's loggings.
____________________________________________________________________________________
Never miss a thing. Make Yahoo your home page.
http://www.yahoo.com/r/hs
16 years, 3 months
Re: [Fedora-directory-users] problem with unique search on gidNumber
by Jason Beavers
Yep, "gidnumber.db4" is there.
----- Original Message ----
From: Rich Megginson <rmeggins(a)redhat.com>
To: General discussion list for the Fedora Directory server project. <fedora-directory-users(a)redhat.com>
Sent: Friday, December 14, 2007 10:19:54 AM
Subject: Re: [Fedora-directory-users] problem with unique search on gidNumber
Jason Beavers wrote:
> well i cheated (lazy :-) ) and edited the index configuration using
> the Fedora console, which regenerated the indexes.
You can check - look in /opt/fedora-ds/slapd-instancename/db/userRoot
and see if you have a gidNumber.db4 file.
> Or so i was lead to believe it would based on the documentation.
> should i be forcing it by runing the perl scripts instead?
>
> ----- Original Message ----
> From: Rich Megginson <rmeggins(a)redhat.com>
> To: General discussion list for the Fedora Directory server project.
> <fedora-directory-users(a)redhat.com>
> Sent: Friday, December 14, 2007 8:08:24 AM
> Subject: Re: [Fedora-directory-users] problem with unique search on
> gidNumber
>
> Jason Beavers wrote:
> > I'm trying to get unique searches working for "gidNumber." When
> > trying a search as below:
> >
> > ./ldapsearch -b "dc=mydomain,dc=int"
> > "(&(objectClass=groupOfNames)(gidNumber=205)(ou:dn:=Groups))" cn
> gidNumber
> >
> >
> > I'm getting results back with ALL entries with a gidNumber
attribute
> > set, instead of just the one entry that matches "gidNumber=205."
> > I've tried adding the gidNumber attribute to the indexes,
> What steps did you take? You created the index configuration? Then
ran
> db2index to generate the index files?
> > however i cannot seem to get it to respond with a unique result.
> Have you tried just "(gidNumber=205)" - does that work?
> >
> > What am I missing?
> >
> > Thanks in advance.
> >
> > -j
> >
> >
------------------------------------------------------------------------
> > Never miss a thing. Make Yahoo your homepage.
> > <http://us.rd.yahoo.com/evt=51438/*http://www.yahoo.com/r/hs>
> >
------------------------------------------------------------------------
> >
> > --
> > Fedora-directory-users mailing list
> > Fedora-directory-users(a)redhat.com
> <mailto:Fedora-directory-users@redhat.com>
> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >
>
>
>
>
------------------------------------------------------------------------
> Looking for last minute shopping deals? Find them fast with Yahoo!
> Search.
>
<http://us.rd.yahoo.com/evt=51734/*http://tools.search.yahoo.com/newsearch...>
>
>
------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users(a)redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
____________________________________________________________________________________
Never miss a thing. Make Yahoo your home page.
http://www.yahoo.com/r/hs
16 years, 3 months
Re: [Fedora-directory-users] problem with unique search on gidNumber
by Jason Beavers
well i cheated (lazy :-) ) and edited the index configuration using the Fedora console, which regenerated the indexes.
Or so i was lead to believe it would based on the documentation. should i be forcing it by runing the perl scripts instead?
----- Original Message ----
From: Rich Megginson <rmeggins(a)redhat.com>
To: General discussion list for the Fedora Directory server project. <fedora-directory-users(a)redhat.com>
Sent: Friday, December 14, 2007 8:08:24 AM
Subject: Re: [Fedora-directory-users] problem with unique search on gidNumber
Jason Beavers wrote:
> I'm trying to get unique searches working for "gidNumber." When
> trying a search as below:
>
> ./ldapsearch -b "dc=mydomain,dc=int"
> "(&(objectClass=groupOfNames)(gidNumber=205)(ou:dn:=Groups))" cn
gidNumber
>
>
> I'm getting results back with ALL entries with a gidNumber attribute
> set, instead of just the one entry that matches "gidNumber=205."
> I've tried adding the gidNumber attribute to the indexes,
What steps did you take? You created the index configuration? Then
ran
db2index to generate the index files?
> however i cannot seem to get it to respond with a unique result.
Have you tried just "(gidNumber=205)" - does that work?
>
> What am I missing?
>
> Thanks in advance.
>
> -j
>
>
------------------------------------------------------------------------
> Never miss a thing. Make Yahoo your homepage.
> <http://us.rd.yahoo.com/evt=51438/*http://www.yahoo.com/r/hs>
>
------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users(a)redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
____________________________________________________________________________________
Looking for last minute shopping deals?
Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping
16 years, 3 months
[Fedora-directory-users] perl script for setting up replication without console
by Ryan Braun
Here is the script I've been working on for setting up replication without
using the console.
It's basically an evolution the original mmr.pl, with new functionality.
It has a config file you need to properly setup, here is a quick rundown of
the options.
SUPPLIERS = All supplier servers that you want to monitor,setup. ; delimited
and you can specify the default port with a : (not required though)
CONSUMERS = All consumer servers.
ROOT_DN = user to bind with for modifying objects in cn=config (generally
cn=Directory Manager)
REP_DN = Replication Manager's dn (ie uid=RManager,cn=config)
REPMAN_PW = Replication Manager's password
PAM_SECRET = libpam-ldap's root bind dn password file (sucked in automatically
to use as the ROOT_DN's password
NSS_SECRET = same as above but will only get checked if PAM_SECRET doesn't
exist.
REP_ID = replica ID value for MMR. Set this to 1 when you first run and the
script will manage it from then on.
TLS = Set to 1 to always enable TLS, 0 or null for not always turned on (you
can pass the -z switch on startup to use TLS if it's set to 0 or null)
Switches
-z turn on TLS for all binds. (not for setting up of rep agreements though!)
If ldapsearch -ZZZ's work for you, this ***should*** aswell (not tested very
much :) )
-p prompt for ROOT_DN password
-c /path/to/config.conf specify an alternate config file (for rep'ing other
BASE_DN's)
-d this will dump all the rep objects/agreements from each server to the
terminal
Let me know how it works for you guys.
Ryan Braun
Informatics Operations
Aviation and Defence Services Division
Chief Information Officer Branch, Environment Canada
CIV: (204) 833-2500x2824 CSN: 257-2824 FAX: (204) 833-2524
E-Mail: Ryan.Braun(a)ec.gc.ca
16 years, 3 months
[Fedora-directory-users] problem with unique search on gidNumber
by Jason Beavers
I'm trying to get unique searches working for "gidNumber." When trying a search as below:
./ldapsearch -b
"dc=mydomain,dc=int"
"(&(objectClass=groupOfNames)(gidNumber=205)(ou:dn:=Groups))" cn gidNumber
I'm getting results back with ALL entries with a gidNumber attribute set, instead of just the one entry that matches "gidNumber=205."
I've tried adding the gidNumber attribute to the indexes, however i cannot seem to get it to respond with a unique result.
What am I missing?
Thanks in advance.
-j
____________________________________________________________________________________
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
16 years, 3 months
[Fedora-directory-users] Inexes
by Jared B. Griffith
If you have too many indexes, can this be a bad thing?
--
- Thank you,
- Jared B. Griffith
- Farheap Solutions, Inc.
- Lead Systems Administrator
- California IT Department
- Email - jared.griffith(a)farheap.com
- Phone - 949.417.1500 ext. 266
- Cell Phone - 949.910.6542
16 years, 3 months
[Fedora-directory-users] Posting of scripts to list?
by Ryan Braun
Just wondering what the list policy is for attaching scripts to the list. I
have my perl replication manager script somewhat done and would like to send
it to the list.
Ryan Braun
Informatics Operations
Aviation and Defence Services Division
Chief Information Officer Branch, Environment Canada
CIV: (204) 833-2500x2824 CSN: 257-2824 FAX: (204) 833-2524
E-Mail: Ryan.Braun(a)ec.gc.ca
16 years, 3 months
[Fedora-directory-users] Fractional Replication Updates
by Mike C
Hi,
Could someone clarify what exactly fractional replication updates are?
If I e.g. change a userPassword entry for a user in my ldap directory,
which is the master in a master-slave replication scenario, what gets
sent to the slave? The entry for that user, or just the changed
attribute, or even the entire directory? From my readings, I think
that a) With Fractional Replication, only the entry gets transmitted.
b) With Normal Replication, the whole entire directory gets
transmitted. Is this correct?
Is someone able to update the docs on this subject? The only section I
can find related to Fractional Updates is here:
http://directory.fedoraproject.org/wiki/Features and it is a 1 liner.
Thanks,
Mike
16 years, 3 months