[Fedora-directory-users] FDS, Radius and Beyond
by Satish Chetty
Hello,
This is a not a direct FDS question but I thought I will ask anyway. I
want to issue digital certificates (stored and verified on FDS) to every
laptop and desktop. When the laptop/desktop gets on the network and
requests a DHCP IP address, I want the DHCP server to verify the
certificate before access to the network resources is allowed. Something
similar to the Hotspots in coffee shops and hotels but that uses
certificates instead of login/password from user.
Has worked on something like this or can point to me to such white papers?
Cheers,
-Satish.
16 years, 1 month
[Fedora-directory-users] Random UID not found problem
by markwu@micron.com
Hi,
Some of our users get "UID xxxx not found" message when they open a new
terminal or run a rsh command, it appears a few times a day and it is
mostly just annoying message because users can continue to work as
normal, however, sometimes It also causes cron jobs to fail,
In system log, it shows,
crond(pam_unix)[9225]: could not identify user (from getpwnam(USERNAME))
crond[9225]: User not known to the underlying authentication module
We are using Fedora DS 1.0.4, and clients are RHEL 4.5 . This problem
started ever since we switched into LDAP three months ago.
Thanks
16 years, 1 month
[Fedora-directory-users] FDS 1.1 fail to add configuration data to FDS1.04 DS
by Richard Hesse
I'm setting up a few v1.1 test instances in our current 1.04 environment but running into issues trying to add the configuration data to an existing 1.04 server. It appears to be trying to create the children entries before the parent:
Are you ready to set up your servers? [yes]:
Creating directory server . . .
Your new DS instance 'fds' was successfully created.
Creating the configuration directory server . . .
dn: cn=Fedora Directory Server, cn=Server Group, cn=aa0-002-6-v2.u.powerset.co
m, ou=sv.powerset.com, o=NetscapeRoot
objectclass: nsApplication
objectclass: groupOfUniqueNames
objectclass: top
cn: Fedora Directory Server
nsproductname: Fedora Directory Server
nsproductversion: 1.1.0
nsnickname: slapd
nsbuildnumber: 2007.355.1657
nsvendor: Fedora Project
installationtimestamp: 20080130014937Z
nsexpirationdate: 0
nsbuildsecurity: domestic
uniquemember: cn=slapd-fds, cn=Fedora Directory Server, cn=Server Group, cn=aa
0-002-6-v2.u.powerset.com, ou=sv.powerset.com, o=NetscapeRoot
nsservermigrationclassname: com.netscape.admin.dirserv.task.MigrateCreate@fedo
ra-ds-1.1.jar@cn=admin-serv-aa0-002-6-v2, cn=Fedora Administration Server, cn
=Server Group, cn=aa0-002-6-v2.u.powerset.com, ou=sv.powerset.com, o=Netscape
Root
nsservercreationclassname: com.netscape.admin.dirserv.task.MigrateCreate@fedor
a-ds-1.1.jar@cn=admin-serv-aa0-002-6-v2, cn=Fedora Administration Server, cn=
Server Group, cn=aa0-002-6-v2.u.powerset.com, ou=sv.powerset.com, o=NetscapeR
oot
Error adding entry 'cn=Fedora Directory Server, cn=Server Group, cn=aa0-002-6-v2.u.powerset.com, ou=sv.powerset.com, o=NetscapeRoot'. Error: No such object
Could not register the directory server with the configuration directory server.
Exiting . . .
Log file is '/tmp/setupR29d4F.log'
Checking the tree, the intermediate entries are not there. The script is not creating entries beneath ou=sv.powerset.com. I know that the DS is working b/c I can add new 1.04 instances to o=NetscapeRoot, and the 1.1 script is adding an ACI entry for SIE Group(fds) to o=NetscapeRoot.
Do I have to upgrade the configuration server to 1.1 first? I'd rather avoid messing with it if at all possible. Any help would be appreciated. Thanks.
-richard
16 years, 1 month
[Fedora-directory-users] Announcing Fedora Directory Server 1.1.0
by Rich Megginson
Fedora Directory Server 1.1.0 is now available.
See http://directory.fedoraproject.org/wiki/Release_Notes for details
about new features and new installation procedures.
What's new?
* Auto UID and GID number generation with the libdna plugin -
Distributed Numeric Assignment
* Separate packages - each main component is in its own package - uses
yum for installation
* Filesystem Hierarchy Standard file/path layout (e.g. log files are
under /var/log/dirsrv)
* Init scripts!
service dirsrv {start|stop|restart} [instance name]
service dirsrv-admin {start|stop|restart}
edit /etc/sysconfig/dirsrv or /etc/sysconfig/dirsrv-admin to set
environment
* Many of the components are now built into Fedora
* The setup command is now /usr/sbin/setup-ds-admin.pl
* startconsole is gone - use /usr/bin/fedora-idm-console instead
* Migration from version 1.0 and earlier is fully supported by the
/usr/sbin/migrate-ds-admin.pl script provided with the package
* IcedTea Java runs the console on Fedora 8 and later - proprietary Java
no longer required
Known Issues
* Binary packages are provided only for Fedora 6, 7, 8 and 9 - The
Fedora 6 packages should run on EL5.1 (not 5.0)
* Version 1.1 does not include the phonebook, gateway, or org chart web
apps - those will be provided in a following release
* Migration to Fedora 8 and later, and upgrading an existing Fedora DS
on Fedora 8, requires LDIF files - binary database migration and upgrade
from an earlier release to Fedora 8 or later does not work.
16 years, 1 month
[Fedora-directory-users] How to transfer existing server FDS
by Сафонов Алексей
Greetings!
At me the infrastructure with use FDS 1.0.4 is deploymented. There was a necessity to replace a server with FDS. Whether I can in any way to transfer FDS on a new server with preservation of all adjustments. For example, make archive the catalogue /opt/fedora-fs on a "old" server. Then to install rpm (fedora-ds--1.0.4-1. FC6.i386.opt.rpm) on "new" server. And, at last, to unpack archive in /opt/fedora-fs on a "new" server.
Whether this algorithm will approach? Whether there will be problems provided that existing server FDS is synchronized with server ADS?
I Ask the help
16 years, 1 month
[Fedora-directory-users] RE: Migrating from 1.0.2 to 1.1, not all databases migrated
by Jeff Tharp
Argh, I figured out this problem was self-inflicted. I used too old a
revision of the dse.ldif file as the basis for my migration. Updating
to a newer revision (that included references to the missing backend)
solved the problem.
Thanks for the help and sorry to have wasted time with this.
Jeff
> -----Original Message-----
> From: Jeff Tharp
> Sent: Tuesday, January 29, 2008 2:40 PM
> To: 'Fedora-directory-users(a)redhat.com'
> Subject: Migrating from 1.0.2 to 1.1, not all databases migrated
>
> I'm working on migrating our Fedora DS 1.0.2 server to
> FedoraDS 1.1. I did a same platform migration on test box by
> installing the FedoraDS 1.1 binaries, taring up
> /opt/fedora-ds from one of our old FedoraDS boxes and then
> using migrate-ds-admin.pl to migrate the instance. While
> NetscapeRoot and UserRoot were migrated correctly, the
> mgration script skipped over our custom database entirely.
> Now I can always export to LDIF and migrate this database
> that way, I was hoping to do a direct binary migration to
> minimize downtime. Are UserRoot and NetscapeRoot the only
> databases supported, or is it likely that something was
> misconfigured with my test?
>
> Any advice is appreciated,
> Jeff Tharp
> System Administrator
> ESRI - Redlands, CA
> http://www.esri.com
16 years, 1 month
[Fedora-directory-users] Migrating from 1.0.2 to 1.1, not all databases migrated
by Jeff Tharp
I'm working on migrating our Fedora DS 1.0.2 server to FedoraDS 1.1. I
did a same platform migration on test box by installing the FedoraDS 1.1
binaries, taring up /opt/fedora-ds from one of our old FedoraDS boxes
and then using migrate-ds-admin.pl to migrate the instance. While
NetscapeRoot and UserRoot were migrated correctly, the mgration script
skipped over our custom database entirely. Now I can always export to
LDIF and migrate this database that way, I was hoping to do a direct
binary migration to minimize downtime. Are UserRoot and NetscapeRoot
the only databases supported, or is it likely that something was
misconfigured with my test?
Any advice is appreciated,
Jeff Tharp
System Administrator
ESRI - Redlands, CA
http://www.esri.com
16 years, 1 month