[Fedora-directory-users] Complicated ACI Definitions
by Bjorn Oglefjorn
Or maybe it's not so complicated and I don't know how. ;)
This is what I'm trying to accomplish:
Users who are a member of the group 'cn=support'
can perform ALL operations on 'userPassword',
except on targets which are a member of group 'cn=admins' or 'cn=bosses'.
Is this possible? I can't figure out how. Thanks in advance!
--BO
17 years
[Fedora-directory-users] ip in ACI bind rules
by George Holbert
I've noticed that the 'ip' keyword in ACI bind rules seems to have no
effect on its own. For example,
This does not deny access to IP 1.2.3.4:
aci: (version 3.0; acl "Deny 1.2.3.4"; deny(all) (ip = "1.2.3.4");)
But when combined with a userdn clause like this, it works:
aci: (version 3.0; acl "Deny 1.2.3.4"; deny(all) (userdn = "ldap:///anyone") and (ip = "1.2.3.4");)
Is this known/expected behavior?
Just want to make sure I'm interpreting this right.
Thanks a lot,
-- George
17 years
[Fedora-directory-users] "Bad Ber Tag Encountered" in log analysis
by Philip Kime
I was looking through the logconv.pl output and I see that the majority
of connection codes are
B1 Bad Ber Tag Encountered
Should I be worried about this? LDAP seems to be working fine and has
been for months.
PK
--
Philip Kime
NOPS Systems Architect
310 401 0407
17 years
[Fedora-directory-users] PSET failure
by Glenn
Hello, again! I'm trying to install Fedora DS 1.0.4 on Red Hat EL4.
Everything goes smoothly until I try to enable SSL in the admin server
console. When I try to save new settings on the Encryption tab and the User
DS tab, I get a message, "PSET failure. PSET attribute creation or local
cache update failed!"
After that, I back out of the admin console without saving changes. When I
go back into the admin console, the certificate has disappeared from the
drop-down list. It sounds like a problem with file permissions, but I don't
know what files might be involved.
Hoping you can help. Thanks. -G.
17 years
Re: [Fedora-directory-users] Error : Critical extension unavailable
by Victor Rodriguez
>Richard Megginson wrote:
>The Fedora DS chaining database (database link) uses the Proxy Auth
>control. I think you can disable this. Check the docs for the chaining
>database configuration. It may be that the console does not allow you
>to set this, but you can set it manually.
http://www.redhat.com/docs/manuals/dir-server/pdf/ds71cli.pdf - search
>for nsProxiedAuthorization
>If there are other controls being sent by Fedora DS, you can disable
>those too - search for nsTransmittedControls in the above document.
Hi Richard:
I have disabled these control but the problem still continue, this error
only happen with openldap because when I connect to Novell eDirectory
ldap server I have a different error: I dont have permisions to read the
database link.
Any idea?
Regards,
Victor Rodriguez
IT Technical Support Officer
System & Database Administrator
Attention:
The information contained in this message and or attachments is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any system and destroy any copies.
Any views expressed in this message are those of the individual sender and may not necessarily reflect the views of The Gribbles Group.
Thank You.
Whilst every effort has been made to ensure that this e-mail message and any attachments are free from viruses, you should scan this message and any attachments.
Under no circumstances do we accept liability for any loss or damage which may result from your receipt of this message or any attachment.
17 years