Thanks for your patience - and apologies for that rookie typo error. Fixed that and retried a few times but still to no avail - new instance is created and running ok but doesn't show up in the admin console. Where does the admin server get this list of servers etc. from (and will that info help me!?).

If I install an instance on server2 and point it towards the config instance on server1 as part of the setup script then it does appear in the console and all is well in my DS world... Seems only to cause problems when I'm trying to create a new data instance (using ds_newinst.pl) on server1 when the config instance (created during install/setup) is already there. If there were an option to create a new instance via the console and specify a separate configuration directory it'd be easy... presumably! Is this the normal way to do this?

Kind regards,
James

> Date: Thu, 26 Jul 2007 10:03:28 -0600
> From: rmeggins(a)redhat.com
> To: fedora-directory-users(a)redhat.com
> Subject: Re: [Fedora-directory-users] Configuration Directory Question
>
> James Deuchar wrote:
> > Thanks for the swift response - size depends on the success of the
> > project - am tempted to go with external config directory assuming I
> > can get it working...
> >
> > I tried the procedure I listed below i.e. installed the RPM, ran
> > setup to create a 'dsconfig' instance on port 5555.
> >
> > Then I created a master.inf file for inputting into the ds_newinst.pl
> > script:
> >
> > [General]
> > FullMachineName= server1.jamesd.com
> > SuiteSpotUserID= ldap
> > ServerRoot= /opt/fedora-ds
> > ConfigDirectoryAdminID= admin
> > ConfigDirectoryAdminPwd= blah
> > ConfigDirectoryLdapURL= ldap://server1.jamesd.com:5555/o=NetscapeRoot
> > AdminDomain= jamesd.com
> >
> > [slapd]
> > ServerPort= 389
> > ServerIdentifier= master01
> > Suffix= dc=jamesd,dc=com
> > RootDN= cn=Directory Manager
> > RootDNPwd= blah
> > UserExistingMC=1
> This should be "UseExistingMC" not "User"
> >
> > When I ran that it seemed to work - instance called master01 was
> > created and is running.
> >
> > When running the console though, it's not listed - only the
> > Administration Server and 'dsconfig' Directory Server instance.
> >
> > How can I make the master01 instance appear in the admin console and
> > also verify that master01 is using dsconfig to store its configuration
> > data?
> >
> > Thanks again
> >
> >
> > > Date: Thu, 26 Jul 2007 09:33:37 -0600
> > > From: rmeggins(a)redhat.com
> > > To: fedora-directory-users(a)redhat.com
> > > Subject: Re: [Fedora-directory-users] Configuration Directory Question
> > >
> > > James Deuchar wrote:
> > > > Hi,
> > > >
> > > > I've got what I thought was a relatively simple DS setup with two
> > > > master DS servers doing master-master replication. In the future
> > > > slaves may be added into the equation.
> > > >
> > > > Initially I installed both servers the same - as standalone DS' each
> > > > with its own admin server and 'in-house' o=NetscapeRoot configuration
> > > > directory.
> > > >
> > > > Reading some of the Redhat docs on 'Configuration decisions' it talks
> > > > about having the configuration directory in a separate directory
> > > > instance - based on what I've seen from the DS setup script this
> > > > implies supplying those details during the install of the real DS
> > > > instances that will contain the data.
> > > >
> > > > Is my understanding correct? Does this mean I should be installing an
> > > > independent configuration directory on both masters and setup
> > > > replication between them to provide a redundant configuration
> > > > directory alongside the redundant data directories?
> > > For small deployments, you can have your config DS and data DS be
> > > the same.
> > > >
> > > > If so is the install procedure reasonable?:
> > > >
> > > > - install fedora RPM on server 1
> > > > - Run setup script to create server 1 config directory
> > > > - Run ds_newinst.pl to create data directory on the same server
> > > > pointing it to the local config directory during setup
> > > > - Repeat on server 2
> > > > - Setup replication on data masters and on config directories
> > > Sure.
> > > >
> > > > Many thanks!
> > > >
> > > > --
> > > > Fedora-directory-users mailing list
> > > > Fedora-directory-users(a)redhat.com
> > > > https://www.redhat.com/mailman/listinfo/fedora-directory-users
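The thread above turned on a one-letter typo in a ds_newinst.pl .inf file (UserExistingMC for UseExistingMC), and the same file carries two cleartext passwords (ConfigDirectoryAdminPwd, RootDNPwd). The following is an added example, not code from the thread or from Fedora Directory Server: a small linter that checks an .inf body against the keys that appear in the posted master.inf, suggests the closest known key for anything unrecognised, checks that UseExistingMC=1 is accompanied by a ConfigDirectoryLdapURL, and flags a file mode that lets group or other read the passwords. The key list is an assumption taken from the post, not the full set ds_newinst.pl accepts; POSTED_INF is the file as posted, FIXED_INF the same file with the typo corrected.

```python
import configparser
import difflib
import os
import stat

# Keys as they appear in the master.inf posted in the thread. ASSUMPTION: this
# is not the complete list ds_newinst.pl accepts; extend it from the setup
# documentation for your version before relying on the "unknown key" check.
KNOWN_KEYS = {
    "General": {
        "FullMachineName", "SuiteSpotUserID", "ServerRoot",
        "ConfigDirectoryAdminID", "ConfigDirectoryAdminPwd",
        "ConfigDirectoryLdapURL", "AdminDomain",
    },
    "slapd": {
        "ServerPort", "ServerIdentifier", "Suffix",
        "RootDN", "RootDNPwd", "UseExistingMC",
    },
}

# The file exactly as posted (passwords are the poster's placeholders).
POSTED_INF = """\
[General]
FullMachineName= server1.jamesd.com
SuiteSpotUserID= ldap
ServerRoot= /opt/fedora-ds
ConfigDirectoryAdminID= admin
ConfigDirectoryAdminPwd= blah
ConfigDirectoryLdapURL= ldap://server1.jamesd.com:5555/o=NetscapeRoot
AdminDomain= jamesd.com

[slapd]
ServerPort= 389
ServerIdentifier= master01
Suffix= dc=jamesd,dc=com
RootDN= cn=Directory Manager
RootDNPwd= blah
UserExistingMC=1
"""
FIXED_INF = POSTED_INF.replace("UserExistingMC", "UseExistingMC")


def parse_inf(text):
    """Parse an .inf body. Keys keep their case; only '=' separates key/value
    so values such as 'cn=Directory Manager' and ldap:// URLs survive intact."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str
    cp.read_string(text)
    return cp


def lint_inf(text):
    """Return a list of problems found in an .inf body; [] means clean."""
    cp = parse_inf(text)
    problems = []
    for section, known in KNOWN_KEYS.items():
        if not cp.has_section(section):
            problems.append(f"missing [{section}] section")
            continue
        for key, value in cp.items(section):
            if key not in known:
                guess = difflib.get_close_matches(key, known, n=1, cutoff=0.8)
                hint = f" (did you mean {guess[0]}?)" if guess else ""
                problems.append(f"[{section}] unknown key {key}{hint}")
            elif not value:
                problems.append(f"[{section}] {key} is empty")
    # The point of the thread: a data instance that reuses an existing
    # configuration directory has to be told where that directory lives.
    if cp.get("slapd", "UseExistingMC", fallback="0") == "1":
        if not cp.get("General", "ConfigDirectoryLdapURL", fallback=""):
            problems.append("UseExistingMC=1 but no ConfigDirectoryLdapURL in [General]")
    return problems


def unsafe_mode(mode):
    """True if the permission bits let group or other read the file."""
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))


def mode_problems(path):
    """The .inf holds cleartext passwords: it should be 0600 and removed after setup."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if unsafe_mode(mode):
        return [f"{path} is mode {mode:04o}; it holds cleartext passwords, chmod 600 it"]
    return []


if __name__ == "__main__":
    for name, body in (("posted", POSTED_INF), ("fixed", FIXED_INF)):
        print(name + ":", lint_inf(body) or "clean")
    print("0644 unsafe:", unsafe_mode(0o644), " 0600 unsafe:", unsafe_mode(0o600))
```

Run it over the .inf before invoking ds_newinst.pl; a clean result from lint_inf plus an empty mode_problems list is the state the file should be in, and the file should be deleted once the instance exists since nothing else needs the Directory Manager password on disk.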
O.K., so now I can search the NT4 LDAP service using ldapsearch from a Linux
machine, but I still can't get that confounded sync agreement to
work. I have read the Windows Sync manual several times, and it implies
heavily that you should be able to create a Windows Sync agreement with NT4.
But no matter what I try, I get "unable to contact Active Directory server"
after filling out the sync agreement form.
Just for kicks, I decided to try creating a "Replication Agreement" as
opposed to a "Windows Sync" agreement. Oddly enough, I can carry this
through to completion, with the Fedora server as supplier and the NT server
as consumer (this is what we need anyway). But immediately after completing
the agreement, the replica fails to initialize.
All suggestions warmly accepted. Thanks. -Glenn.
ldapsearch options that work:
# ldapsearch -v -H ldap://nt4testbox.mydomain.edu -x -D "uid=admin,ou=system" -w password -b "o=mydomain.edu"
Windows Sync form options
Error: Unable to contact Active Directory server, continue?
Windows Domain Name: mydomain.edu
Sync New Windows Users: unchecked
Sync New Windows Groups: unchecked
Windows Subtree: o=mydomain.edu
DS Subtree: o=mydomain.edu
Domain Controller Host: nt4testbox
Port Num: 389
Using Encrypted SSL Connection: not checked
Bind As: uid=admin,ou=system
Replication Agreement options
Error: Replication error acquiring replica: unknown error. Error code 255.
Supplier (filled in already): fdserver.mydomain.edu:636
Using encrypted SSL connection: unchecked
Simple authentication: checked
Bind as: uid=admin,ou=system
Enable fractional replication: unchecked
Always keep directories in sync: checked
Initialize consumer now: checked
I am having a problem with sudo when I am running over a TLS/SSL connection. I
am able to ssh into the client and have verified that the connection is secure,
but once logged in to the client machine I am unable to use sudo.
I am seeing multiple retries in the access logs that appear to close:
When I do the same thing without a TLS/SSL connection sudo works fine.
Here is what I am seeing in the log
[31/Jul/2007:15:48:18 -0500] conn=607 fd=74 slot=74 connection from <ipaddr>
[31/Jul/2007:15:48:18 -0500] conn=607 op=0 EXT oid="1.3.6.1.4.1.1466.20037"
[31/Jul/2007:15:48:18 -0500] conn=607 op=0 RESULT err=0 tag=120 nentries=0
[31/Jul/2007:15:48:18 -0500] conn=607 SSL 256-bit AES
[31/Jul/2007:15:48:18 -0500] conn=607 op=1 UNBIND
[31/Jul/2007:15:48:18 -0500] conn=607 op=1 fd=74 closed - U1
and eventually, I get
sudo: uid 1000 does not exist in the passwd file!
for the user config, it is simple, the user exists in ldap, the group exists
on the box (wheel) and I give the user in ldap a gid of 10
uid=1000(testuser) gid=10(wheel) groups=10(wheel)
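The access-log excerpt above shows the shape of the failure from the server side: the client connects, issues the StartTLS extended operation (OID 1.3.6.1.4.1.1466.20037), the server reports the TLS cipher, and the client unbinds without ever sending a BIND or a search. A lookup that actually worked would bind and search before unbinding. The following is an added example, not code from the post: it parses Fedora DS access-log lines, groups them by connection and flags connections where TLS came up but no BIND or SRCH followed, which is the pattern to look for when sudo (or any nss_ldap client) keeps reconnecting without getting an answer. The conn=607 lines are the poster's, with the OID written out and a documentation address in place of <ipaddr>; conn=608 is a constructed healthy lookup added for contrast, with a made-up bind DN and search base. Neither is real traffic from the poster's server.

```python
import re
from collections import defaultdict

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"  # StartTLS extended operation (RFC 4511)

# Constructed sample: conn=607 from the post (OID restored, address replaced),
# conn=608 invented here as a successful bind + search for comparison.
SAMPLE_LOG = """\
[31/Jul/2007:15:48:18 -0500] conn=607 fd=74 slot=74 connection from 192.0.2.10 to 192.0.2.1
[31/Jul/2007:15:48:18 -0500] conn=607 op=0 EXT oid="1.3.6.1.4.1.1466.20037"
[31/Jul/2007:15:48:18 -0500] conn=607 op=0 RESULT err=0 tag=120 nentries=0
[31/Jul/2007:15:48:18 -0500] conn=607 SSL 256-bit AES
[31/Jul/2007:15:48:18 -0500] conn=607 op=1 UNBIND
[31/Jul/2007:15:48:18 -0500] conn=607 op=1 fd=74 closed - U1
[31/Jul/2007:15:48:19 -0500] conn=608 fd=75 slot=75 connection from 192.0.2.10 to 192.0.2.1
[31/Jul/2007:15:48:19 -0500] conn=608 op=0 EXT oid="1.3.6.1.4.1.1466.20037"
[31/Jul/2007:15:48:19 -0500] conn=608 op=0 RESULT err=0 tag=120 nentries=0
[31/Jul/2007:15:48:19 -0500] conn=608 SSL 256-bit AES
[31/Jul/2007:15:48:19 -0500] conn=608 op=1 BIND dn="uid=proxy,ou=People,dc=example,dc=com" method=128 version=3
[31/Jul/2007:15:48:19 -0500] conn=608 op=1 RESULT err=0 tag=97 nentries=0
[31/Jul/2007:15:48:19 -0500] conn=608 op=2 SRCH base="ou=People,dc=example,dc=com" scope=2 filter="(&(objectClass=posixAccount)(uidNumber=1000))"
[31/Jul/2007:15:48:19 -0500] conn=608 op=2 RESULT err=0 tag=101 nentries=1
[31/Jul/2007:15:48:19 -0500] conn=608 op=3 UNBIND
[31/Jul/2007:15:48:19 -0500] conn=608 op=3 fd=75 closed - U1
"""

LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\]\s+conn=(?P<conn>\d+)\s+(?P<rest>.*)$")
OP_RE = re.compile(r"op=-?\d+\s+(\w+)")


def classify(rest):
    """Map the text after 'conn=N' to a short event name."""
    if "connection from" in rest:
        return "CONNECT"
    if rest.startswith("SSL "):          # server logged the negotiated cipher
        return "TLS"
    if " closed" in rest:                # 'op=N fd=M closed - U1'
        return "CLOSED"
    m = OP_RE.match(rest)
    if not m:
        return "OTHER"
    op = m.group(1)
    if op == "EXT" and STARTTLS_OID in rest:
        return "STARTTLS"
    return op                             # RESULT, BIND, SRCH, UNBIND, ...


def events_by_connection(log_text):
    """conn id -> ordered list of event names for that connection."""
    conns = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            conns[int(m.group("conn"))].append(classify(m.group("rest")))
    return dict(conns)


def tls_then_silent(log_text):
    """Connections that brought TLS up and then unbound/closed with no BIND or SRCH.
    That is what a client aborting right after the handshake looks like server-side."""
    flagged = []
    for conn, ev in sorted(events_by_connection(log_text).items()):
        tls_up = "STARTTLS" in ev or "TLS" in ev
        did_work = "BIND" in ev or "SRCH" in ev
        ended = "UNBIND" in ev or "CLOSED" in ev
        if tls_up and ended and not did_work:
            flagged.append(conn)
    return flagged


if __name__ == "__main__":
    for conn, ev in events_by_connection(SAMPLE_LOG).items():
        print(conn, " -> ".join(ev))
    print("TLS up but no bind/search:", tls_then_silent(SAMPLE_LOG))
```

Feed it the real access log (for instance the tail of logs/access under the instance directory) to count how many such connections arrive per second from the client; a burst of them with no BIND in between is the server-side view of the client giving up after the handshake, and the next place to look is the client's own TLS settings and logs rather than the directory.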
I'm having problems setting up samba with fedora-ds; I'm following the how-to.
The problem is as follows:
net groupmap add rid=512 ntgroup='Domain Admins' unixgroup='Domain Admins'
I get the following error
Can't lookup UNIX group
I'm using fedora core 6
Thanks, Thierry Vanden Broucke
I found that ../shared/bin/ldapsearch only shows output of 76 chars
per line, and the manual page does not describe how to make the output
longer. I want to set the line width, as I use it to implement a filter on
long 'OU' strings in Perl scripts. Also I found a very simple patch for
ldapsearch in the OpenLDAP tools at:
OpenLDAP does not have support for it yet.
Probably some method of Net::LDAP can do it; I'm investigating a
module or regex that can help me with this. Any suggestions? Thanks.
Wilmer Jaramillo M.
GPG Key Fingerprint = 0666 D0D3 24CE 8935 9C24 BBF1 87DD BEA2 A4B2 1E8A
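The 76-column output the poster is fighting is LDIF line folding (RFC 2849): any line longer than the limit is split and each continuation line starts with a single space, so a filter that matches on whole lines sees a long OU value in pieces. The robust fix is to unfold before filtering rather than to change ldapsearch. The following is an added example, not code from the post or from Net::LDAP (the poster's Perl route): it folds an entry the way a 76-column ldapsearch would, unfolds it back, and parses the result into entries, including base64 (`::`) values. The entry text, the OU value and the base64 description are constructed for the example. (The Mozilla-derived ldapsearch shipped with Fedora DS also has, as far as I recall, a -T switch that disables folding; verify that against the usage text of your build.)

```python
import base64

# Constructed sample: an OU value longer than one 76-column line, plus a
# base64-encoded attribute, as a 76-column ldapsearch would print them.
LONG_OU = "Departamento de Tecnologias de la Informacion y las Comunicaciones de la Universidad"
DESCRIPTION = "Sección con acentos"
ENTRY = (
    f"dn: ou={LONG_OU},o=example\n"
    f"ou: {LONG_OU}\n"
    "objectClass: top\n"
    "objectClass: organizationalUnit\n"
    f"description:: {base64.b64encode(DESCRIPTION.encode('utf-8')).decode('ascii')}\n"
)


def fold_line(line, width=76):
    """RFC 2849 folding: first chunk is `width` chars, continuation lines are a
    single space followed by `width - 1` chars so no line exceeds `width`."""
    if len(line) <= width:
        return [line]
    chunks, rest = [line[:width]], line[width:]
    while rest:
        chunks.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return chunks


def fold_ldif(text, width=76):
    """What ldapsearch's line wrapping does to a block of LDIF."""
    return "\n".join(c for line in text.split("\n") for c in fold_line(line, width))


def unfold_ldif(text):
    """Join continuation lines (leading single space) back onto the line before."""
    out = []
    for line in text.split("\n"):
        if line.startswith(" ") and out:
            out[-1] += line[1:]
        else:
            out.append(line)
    return "\n".join(out)


def parse_ldif(text):
    """Unfold, then turn the LDIF into a list of {'dn': str, attr: [values]}.
    Handles 'attr: value' and base64 'attr:: value'; skips comments and version."""
    entries, current = [], None
    for line in unfold_ldif(text).split("\n"):
        if not line.strip():
            if current:
                entries.append(current)
                current = None
            continue
        if line.startswith("#") or line.startswith("version:"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        if attr == "dn":
            current = {"dn": value}
        else:
            current.setdefault(attr, []).append(value)
    if current:
        entries.append(current)
    return entries


def find_ou(text, needle):
    """The poster's use case: entries whose (unfolded) ou contains a substring."""
    return [e["dn"] for e in parse_ldif(text) if any(needle in v for v in e.get("ou", []))]


if __name__ == "__main__":
    folded = fold_ldif(ENTRY)
    print(folded)
    print(find_ou(folded, "Comunicaciones de la Universidad"))
```

Pipe the raw ldapsearch output into unfold_ldif (or parse_ldif) first and run the regex or substring filter on the result; applying the filter to the folded text is what makes matches on long OU values fail at the 76-column boundary.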
I have a question about FDS and the ability to make a
distro/email group. Here is some background. Currently running openldap as
my GAL and we want to switch to FDS because the people we sync with all use
exchange. I have FDS 1.0.3 stood up and running. I exported my ldif file
from my openldap server which has both email accounts and distro groups.
When I imported them into FDS all the email addresses were stripped. At first
I thought it was the syntax of the openldap ldif file, and at first it was
and I wasn't able to import anything. Now I can import without any errors
but no email addresses come up, just user account info.
What did I do wrong?
Thank you in advance,
Adam A. Valenzuela
I have setup a multi-master environment with only one NetscapeRoot
configuration database for all slaves and masters. Is it recommended to
have only one NetscapeRoot or should that be replicated to the other
If the recommendation is to replicate the NetscapeRoot, I am a little
unclear on the steps to take to copy database to the other master so
that I can setup replication.
Any help would be greatly appreciated.
Cary Anderson, Systems Software Specialist
Information Technology Services Branch
Technology Services & Support Division / Data Center Section
System Software & Storage Infrastructure
Phone: (916) 795-2588
Fax: (916) 795-2424
Thanks for replying!
sasl2 version: libsasl2-2 (2.1.22)
Apparently that wasn't an issue after all, as I managed to get
Ubuntu 7 + Samba PDC w/FDS as backend, DHCP, DNS w/DDNS via DHCP... my
dream server! Now to implement an OpenID provider!
On 7/27/07, *Richard Megginson* <rmeggins(a)redhat.com> wrote:
Ivan V. wrote:
> I have an Ubuntu 7.04 server with Fedora Directory Server (the one for
> FC5) installed and running.
> I want to enable LDAP authentication with PAM, but it seems I have a
> problem with the libsasldb.so.2 library.
> When ns-slapd starts it throws this error on auth.log:
> unable to dlopen /usr/lib/sasl2/libsasldb.so.2: undefined symbol:
> After some digging, it seems it's caused by the incompatibility
> between my libsasldb and the one required by FDS.
What version of sasl2 is Ubuntu 7.04 using? Note that if you build your
own private version of sasl, you can just put it somewhere under
/opt/fedora-ds, and edit the start-slapd shell script to set
LD_LIBRARY_PATH to point to libsasl2.so, and point SASL_PATH at the sasl
Also, what version of Apache is Ubuntu 7.04 using?
> And when I try to login, on the same auth.log pam_ldap throws
> ldap_simple_bind: Can't contact LDAP server
> Which I think is caused by the same problem, because otherwise my
> directory is working just fine.
> What version of libsasldb do I need exactly for FDS? Is it possible to
> install it on Ubuntu or somehow tell FDS to use one located at a
> different place? Are these the right questions?
> Reward of $100 USD to the person that helps me get LDAP authentication
> working (via PayPal), without suggesting I place FDS on a Fedora Core
> server, because this is actually for a guide (free) I'm writing to
> help other small companies replace Active Directory with Ubuntu/FDS/SAMBA.
> To be able to collect the reward and be fair, please post on this site:
> I hope you don't find my request out of place. I'm just trying to
> learn, to help other small companies, and to give my grain of sand to
> the OS community.
> - Ivan V.
I have an Ubuntu 7.04 server with Fedora Directory Server (the one for
FC5) installed and running.
I want to enable LDAP authentication with PAM, but it seems I have a
problem with the libsasldb.so.2 library.
When ns-slapd starts it throws this error on auth.log:
unable to dlopen /usr/lib/sasl2/libsasldb.so.2: undefined symbol:
After some digging, it seems it's caused by the incompatibility between
my libsasldb and the one required by FDS.
And when I try to login, on the same auth.log pam_ldap throws this error:
ldap_simple_bind: Can't contact LDAP server
Which I think is caused by the same problem, because otherwise my LDAP
directory is working just fine.
What version of libsasldb do I need exactly for FDS? Is it possible to
install it on Ubuntu or somehow tell FDS to use one located at a
different place? Are these the right questions?
Reward of $100 USD to the person that helps me get LDAP authentication
working (via PayPal), without suggesting I place FDS on a Fedora Core
server, because this is actually for a guide (free) I'm writing to help
other small companies replace Active Directory with Ubuntu/FDS/SAMBA.
To be able to collect the reward and be fair, please post on this site:
I hope you don't find my request out of place. I'm just trying to learn,
to help other small companies, and to give my grain of sand to the OS community.
- Ivan V.