The name PassSync would indicate that this utility synchronizes
passwords. Can anything else be sync'd? I need to be able to sync all of
the following: users, groups, systems, email addresses, and passwords, etc.
Can PassSync do all that? If not, is there another utility you might
recommend, either using FDS or not?
I have built and installed fedora-ds 1.0.4 twice now using the dsbuild
script. Once with a jdk of 188.8.131.52 (64bit) and once with a jdk of
The ds builds fine, I run the setup and go through the wizard,
everything is installed, started up and running. When I try to connect
using the console I get:
"Cannot connect to the directory server: netscape.ldap.LDAPException:
error result (32); No such object"
I then look in the access log of the ldap server and see:
[27/Apr/2007:10:42:13 -0400] conn=7 fd=65 slot=65 connection from 192.168.1.162 to 192.168.1.222
[27/Apr/2007:10:42:13 -0400] conn=7 op=0 BIND dn="(null)" method=128
[27/Apr/2007:10:42:13 -0400] conn=7 op=0 RESULT err=32 tag=97 nentries=0
I know that what is *supposed* to be in the BIND dn field is more along
the lines of:
[27/Apr/2007:10:34:29 -0400] conn=135705 fd=76 slot=76 connection from 192.168.1.162 to 192.168.1.121
[27/Apr/2007:10:34:29 -0400] conn=135705 op=0 BIND dn="uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot" method=128
[27/Apr/2007:10:34:29 -0400] conn=135705 op=0 RESULT err=0 tag=97
It seems like the Java console is not properly passing the uid that I
type into the console login to the directory server. I have attempted
to log in both locally on the server (again with system vm JDK 1.5 and
with the whole thing rebuilt using 1.4.2) and get the same error. I
am also using a remote console on a Windows XP machine (that works fine
going to my other FDS server, running fedora os, 1.0.2 @ 192.168.1.121)
and get the error.
I am using the system versions of net-snmp and cyrus-sasl which are:
All the other deps are:
dev-lang/perl-5.8.8-r2 (URI 1.35)
Back when Fedora DS 1.0.2 was the current version I successfully built
and installed it on a 64-bit gentoo system at home and everything is
working great. I imagine 1.0.4 doesn't like a newer version of one of
the system utils/libraries?
I know the ldap server is functioning properly:
# cd /opt/fedora-ds/shared/bin
# ./ldapsearch -b o=netscaperoot -D "cn=directory manager" -w password
dn: cn=configuration, cn=admin-serv-mbn, cn=Fedora Administration
erver Group, cn=mbn.pki, ou=pki, o=NetscapeRoot
Any help would be much appreciated.
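
The BIND/RESULT comparison the post above makes by eye can be run over a whole access log. The following is an added example, not part of the original post and not Fedora DS code: it pairs each BIND with its RESULT by conn and op and lists the binds that failed, together with the client address and the DN the server actually received. It assumes the line layout quoted in the post; the name failed_binds and the embedded sample are constructed for illustration.

```python
import re

# LDAP result codes relevant here (RFC 4511).
LDAP_ERRORS = {32: "noSuchObject", 49: "invalidCredentials"}

LINE = re.compile(r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) (?P<rest>.*)$')
CONNECT = re.compile(r'connection from (\S+) to (\S+)')
BIND = re.compile(r'op=(\d+) BIND dn="([^"]*)" method=(\S+)')
RESULT = re.compile(r'op=(\d+) RESULT err=(\d+) tag=(\d+)')

# Constructed sample: the lines quoted in the post, with wrapped lines rejoined.
SAMPLE_LOG = """\
[27/Apr/2007:10:42:13 -0400] conn=7 fd=65 slot=65 connection from 192.168.1.162 to 192.168.1.222
[27/Apr/2007:10:42:13 -0400] conn=7 op=0 BIND dn="(null)" method=128
[27/Apr/2007:10:42:13 -0400] conn=7 op=0 RESULT err=32 tag=97 nentries=0
[27/Apr/2007:10:34:29 -0400] conn=135705 fd=76 slot=76 connection from 192.168.1.162 to 192.168.1.121
[27/Apr/2007:10:34:29 -0400] conn=135705 op=0 BIND dn="uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot" method=128
[27/Apr/2007:10:34:29 -0400] conn=135705 op=0 RESULT err=0 tag=97
"""

def failed_binds(log_text):
    """Pair each BIND with its RESULT by (conn, op) and return the failures.
    conn numbers are per server instance, so feed one server's log at a time."""
    clients = {}   # conn -> client address from the "connection from" line
    pending = {}   # (conn, op) -> (timestamp, bind DN) awaiting a RESULT
    failures = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # wrapped or unrelated line
        conn, rest = m["conn"], m["rest"]
        if (c := CONNECT.search(rest)):
            clients[conn] = c.group(1)
        elif (b := BIND.match(rest)):
            pending[(conn, b.group(1))] = (m["ts"], b.group(2))
        elif (r := RESULT.match(rest)):
            bind = pending.pop((conn, r.group(1)), None)
            err = int(r.group(2))
            if bind and err != 0:
                failures.append({"time": bind[0], "client": clients.get(conn),
                                 "dn": bind[1], "err": err,
                                 "meaning": LDAP_ERRORS.get(err, "other")})
    return failures

if __name__ == "__main__":
    for failure in failed_binds(SAMPLE_LOG):
        print(failure)
```
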
Currently, I have 2 FDS in production in Multimaster mode. I want to
bring 2 more up as well and put them at a remote site so eventually they
will replicate via WAN. Then I will have 2 sets of my data- one at each
So I plan to bring up 2 new servers in MMR mode with the first 2
servers. Once they are synced up I would then move the new ones to the
remote site and use SSH tunnels to re-establish the replication
Can someone chime in on the viability of this?
Is this possible?
What are the steps? I have looked and have not found anything yet.
Any help appreciated.
I am very new to FDS and installed my first FDS server
on my RHEL-4 ES system. The installation went smoothly
and I am able to start the FDS and Administration
But the problem arises when I try to open FD console,
I have googled the net and found one related topic at
But I found the instructions are primitive and all the
specified files are not there. Below is the screen
dump of the error I am getting. If you could please give me
detailed instructions, it will be a lifesaver for me.
Warning: -ms8m not understood. Ignoring.
Warning: -mx64m not understood. Ignoring.
Exception in thread main java.lang.NoSuchMethodError:
gement.client.util.RemoteImage.setImage was not found.
ng) (Unknown Source)
wing.UIDefaults) (Unknown Source)
(Unknown Source )
java.lang.Object) (/usr/lib/li bgcj.so.5.0.0)
j ava.lang.String, java.lang.String, java.lang.String,
java.lang.String, java.lang .String)
I am implementing password policy in my LDAP-based software. When
using Fedora DS I encountered several problems (or questions) :
1) when password expired, no request other than modifying its
userPassword attribute is allowed. Two requests would have been
useful in my opinion:
* Start TLS : I want to enable TLS just before changing my password, but :
- Start TLS is not allowed, since it is not the only allowed
modify request on userpassword
- After Start TLS (when the password is not expired), it seems
that the connection sometimes becomes anonymous, and needs a new bind.
I thought only the Stop TLS operation must disable the authentication
on the LDAP connection
* Password Modify Extended operation : I just thought it would be a
good idea to use it to change a password, but it is not allowed
2) when changing the password using a standard ldap modify request, if
I send two modify operations in the same request, the first one to
remove the old password and the second one to add the new password, do
I need to hash the old password for it to be in the same format as
in the directory?
3) when using the Password Modify Extended operation, then at the next
logon the server requires the user to change their password! So I
definitely can't use this operation on a server implementing password
policy. I believe that in the Fedora DS password policy code this
operation is only seen as an administration request, not intended to
be done by a user : it is handled as a "force password" request, not a
"change password" request.
4) I use the Novell LDAP client API. Any call to ldap_stop_tls_s
blocks the calling thread. I don't know if it comes from the server,
the client API, or both. It is not too bad since I can just call
ldap_unbind and ldap_init instead.
I have a problem with password synchronization between Fedora Directory
Server (1.0.4) and Active Directory (2003). I read the wiki
(Howto:WindowsSync) and set up a synchronization arrangement. Without
PassSync everything is ok. I can synchronize users both ways from AD ->
FDS and FDS -> AD.
But if I install PassSync I notice strange behavior:
1. I change the user's password in FDS
2. The password is populated to AD
3. !!! PassSync recognizes that the password was changed !!!
4. PassSync populates the password to FDS
5. FDS recognizes that the password was changed and realizes step 2 - and it's
Does anybody have any idea what is wrong?
I am having problems with the admin-serv when doing failure testing in my
What I have:
2 masters replicating the userRoot and NetscapeRoot directories
various hub and consumer/search servers
When I installed the instances on each of these servers, I pointed them at
one of the masters, let's call it primary-master, for its configuration
directory. When both masters are up and running, I can connect my admin
console to either directory and manage my fleet of servers
While doing failure mode testing, I discovered that if the primary-master
was turned off, the secondary master admin-serv would not start
properly. It gives the following in /opt/fedora-ds/admin-serv/logs/error:
[Tue Apr 24 20:37:36 2007] [crit] mod_admserv_post_config(): unable to build
user/group LDAP server info: unable to set User/Group baseDN
I followed the instructions found here:
to change the admin server running on secondary-master to point to itself
instead of to the primary master. This did not resolve the issue.
Has anyone out there gotten the configuration directory successfully working
in a failover capacity in a multi-master environment?
As I remember, we had this problem with password policies and exop -
doing password resets via exop would only see a global password policy
and nothing more fine-grained. I believe this was logged as a bug in FDS
against <= 1.0.4. Since we are using SSL for all connections, we
switched to clear passwords and it all worked.
I've been googling 'til my eyes bleed but I can't find anything on this.
We're using FDS 1.0.2 and I recently used the admin console (logged in
as myself, not as the admin account) to change my personal account
password. The new password worked, so far so good. The problem is that
my *old* password still worked as well. Everywhere. Login through PAM,
login to the FDS admin console, you name it.
After doing some testing I've found that if I change my password logged
in as myself the old password will still work, yet if I change it logged
in with our admin user account only the new one works. What am I missing?
I was planning on putting together a web-form for user password changes
(using the user's credentials to bind), but if user password changes
won't invalidate old passwords I'm going to have to change my approach.