[Fedora-directory-users] Allow root to change user's passwords
by Orion Poplawski
I'm used to being able to change users' passwords as root using the
"passwd" command on my main server (this was with NIS and the master
shadow file kept on the server). Now with FDS, I get:
# passwd orion
Changing password for user orion.
Enter login(LDAP) password:
and I must enter the password for the user "orion". This gets tricky
when the user has forgotten their password.
Is there a way to avoid this first check and allow root to force a
change of the password?
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA/CoRA Division FAX: 303-415-9702
3380 Mitchell Lane orion(a)cora.nwra.com
Boulder, CO 80301 http://www.cora.nwra.com
14 years, 7 months
[Fedora-directory-users] Windows Sync and UserprincipalName
by Seppel
Hi,
At the moment I am playing with the Windows Sync feature.
I would like to sync users from AD -> FDS.
Is it possible to change the existing mapping?
I would like to use the Userprincipalname in FDS.
Thanks for any hint or input
carsten
14 years, 11 months
[Fedora-directory-users] Sudo in directory server
by Erling Ringen Elvsrud
I am trying to add the schema for sudoers from README.LDAP in
the srpm-file of sudo-1.6.8p12. I assume the iPlanet-version will work best, but
I get this problem when I restart the directory server:
[root@testserver schema]# service dirsrv restart
Shutting down dirsrv:
testserver... [ OK ]
Starting dirsrv:
testserver...[27/Nov/2008:10:37:31 +0100] - Entry "cn=schema
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC
'User(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseE"
required attribute "objectclass" missing
[ OK ]
[root@testserver schema]# cat 99sudoers.ldif
dn: cn=schema attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME
'sudoUser' DESC 'User(s) who may run sudo' EQUALITY caseExactIA5Match
SUBSTR caseE
xactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC
'Host(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseEx
actIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC
'Command(s) to be executed by sudo' EQUALITY caseExactIA5Match S
YNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC
'User(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1
.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
attributeTypes: ( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC
'Options(s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1
.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
objectClasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top
STRUCTURAL DESC 'Sudoer Entries' MUST ( cn ) MAY ( sudoUser $ sud
oHost $ sudoCommand $ sudoRunAs $ sudoOption $ description ) X-ORIGIN 'SUDO' )
Any help to get the schema for sudo correctly added is appreciated.
Thanks,
Erling
14 years, 11 months
[Fedora-directory-users] FDS 1.1 is not starting on Fedora 10
by Morenisco
Hi,
I tried with Fedora 10 and FDS 1.1, but it appears that I'm experiencing
the same problem described in my last email.
The installation looks good, but in the last part, when trying to start
the server, it fails:
The interactive phase is complete. The script will now set up your
servers. Enter No or go Back if you want to change something.
Are you ready to set up your servers? [yes]:
Creating directory server . . .
Server failed to start !!! Please check errors log for problems
And the error log doesn't contain any error:
[...]
[28/Dec/2008:16:43:21 -0300] - import userRoot: Import complete.
Processed 9 entries in 1 seconds. (9.00 entries/sec)
[28/Dec/2008:16:43:21 -0300] - Fedora-Directory/1.1.3 B2008.289.115
starting up
Does anyone know what could be failing, please?
Regards.
--
Morenisco.
Centro de Difusión del Software Libre.
http://www.cdsl.cl
http://santiago.flisol.cl
Blog: http://morenisco.belvil.eu
14 years, 11 months
[Fedora-directory-users] FDS 1.1 is not starting on CentOS 5
by Morenisco
Hi,
I was able to install and configure FDS 1.1 on CentOS 5, but in the
latest step of the configuration, the service doesn't start.
1) I saw the following messages in the last part of the installation:
Are you ready to set up your servers? [yes]:
Creating directory server . . .
Server failed to start !!! Please check errors log for problems
Could not start the directory server using command
'/usr/lib/dirsrv/slapd-dirserver1/start-slapd'. The last line from the
error log was '[28/Dec/2008:11:18:14 -0300] - Fedora-Directory/1.1.3
B2008.269.157 starting up
'. Error: Unknown error 256
Error: Could not create directory server instance 'dirserver1'.
Exiting . . .
Log file is '/tmp/setupRikE7Y.log'
2 ) The error log just says the following:
[28/Dec/2008:12:41:07 -0300] - Fedora-Directory/1.1.3 B2008.269.157
starting up
3) The log file /tmp/setupRikE7Y.log says the following:
[08/12/28:11:13:10] - [Setup] Info Are you ready to set up your servers?
[08/12/28:11:13:16] - [Setup] Info yes
[08/12/28:11:13:16] - [Setup] Info Creating directory server . . .
[08/12/28:11:23:18] - [Setup] Info Could not start the directory server
using command '/usr/lib/dirsrv/slapd-dirserver1/start-slapd'. The last
line from the error log was '[28/Dec/2008:11:18:14 -0300] -
Fedora-Directory/1.1.3 B2008.269.157 starting up
'. Error: Unknown error 256
[08/12/28:11:23:18] - [Setup] Fatal Error: Could not create directory
server instance 'dirserver1'.
[08/12/28:11:23:18] - [Setup] Fatal Exiting . . .
Well, I'm using the user 'nobody' and group 'nobody'.
4) When I try to run the command by hand as root, I get the same:
[root@dirserver1 slapd-dirserver1]# pwd
/usr/lib/dirsrv/slapd-dirserver1
[root@dirserver1 slapd-dirserver1]# ./start-slapd
Server failed to start !!! Please check errors log for problems
5) Running the command with sh -x, I got the line that is not starting
the command:
+ cd /usr/sbin
+ ./ns-slapd -D /etc/dirsrv/slapd-dirserver1 -i
/var/run/dirsrv/slapd-dirserver1.pid -w
/var/run/dirsrv/slapd-dirserver1.startpid
6) Running the last command by hand:
[root@dirserver1 sbin]# ./ns-slapd -D /etc/dirsrv/slapd-dirserver1 -i
/var/run/dirsrv/slapd-dirserver1.pid -w
/var/run/dirsrv/slapd-dirserver1.startpid
[root@dirserver1 sbin]#
[root@dirserver1 sbin]# ps -fea | grep slapd
root 6893 6729 0 12:55 pts/3 00:00:00 grep slapd
==> this is not starting.
7) Trying the same, but with trace level:
./ns-slapd -d 1 -D /etc/dirsrv/slapd-dirserver1 -i
/var/run/dirsrv/slapd-dirserver1.pid -w
/var/run/dirsrv/slapd-dirserver1.startpid
[28/Dec/2008:12:58:18 -0300] - <= send_ldap_result
[28/Dec/2008:12:58:18 -0300] - Fedora-Directory/1.1.3 B2008.269.157
starting up
Failed to open stats file (/var/run/dirsrv/slapd-dirserver1.stats)
(error 1).
Then, the binary ns-slapd is not creating the file
/var/run/dirsrv/slapd-dirserver1.stats (I think).
8) Some details of the binary and my kernel version:
[root@dirserver1 sbin]# file ns-slapd
ns-slapd: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for
GNU/Linux 2.6.9, dynamically linked (uses shared libs), for GNU/Linux
2.6.9, stripped
[root@dirserver1 sbin]#
[root@dirserver1 sbin]# uname -a
Linux dirserver1.cdsl.cl 2.6.18-92.el5 #1 SMP Tue Jun 10 18:49:47 EDT
2008 i686 i686 i386 GNU/Linux
Could it be related to the difference of the kernel version?
Thanks!
--
Morenisco.
Centro de Difusión del Software Libre.
http://www.cdsl.cl
http://santiago.flisol.cl
Blog: http://morenisco.belvil.eu
14 years, 11 months
[Fedora-directory-users] config of SSL on ADs and FDS
by Abdellah Alaoui Ismaili
Can someone provide me with detailed documents on sharing certificates
between MS Active Directory and Fedora Directory Server? The
connection via port 636 does not work.
I have this error in the Windows Sync log file:
12/25/08 11:48:28: Backoff time expired. Attempting sync
12/25/08 11:48:28: Password list has 6 entries
12/25/08 11:48:28: Ldap bind error in Connect
81: Can't contact LDAP server
12/25/08 11:48:28: Can not connect to ldap server in SyncPasswords
12/25/08 11:48:28: Backing off for 16000ms
With port 389 this information synchronizes, but the password is
not synchronized.
Can you help me, please?
14 years, 11 months
[Fedora-directory-users] Import Existing Wildcard SSL Cert for FDS
by Jared Griffith
How would one import an existing wildcard SSL certificate for use with FDS 1.0.4?
--
- Thank you,
- Jared B. Griffith
- Tech Corps
- Lead Systems Administrator
- Email - jared.griffith(a)tech-corps.com
- Phone 1 - 949.417.1500 ext. 48547
- Phone 2 - 949.417.3700 ext. 48547
- Cell Phone - 949.910.6542
- Fax: 949.271.3647
14 years, 11 months
[Fedora-directory-users] Import Existing Wildcard Cert
by Jared Griffith
How would one import an existing wildcard SSL certificate for use with
FDS 1.0.4?
--
- Thank you,
- Jared B. Griffith
- Tech Corps
- Lead Systems Administrator
- Email - jared.griffith(a)tech-corps.com
- Phone 1 - 949.417.1500 ext. 48547
- Phone 2 - 949.417.3700 ext. 48547
- Cell Phone - 949.910.6542
- Fax: 949.271.3647
14 years, 11 months
[Fedora-directory-users] users multiaccess
by Eric
Hi.
There is a RADIUS server that uses Fedora DS for authentication and
authorization of its VPN users.
In Fedora DS the user's access attribute is set to 1, but users can have multi
access.
How does LDAP check multi access?
Is there anything else that affects this attribute?
14 years, 11 months
[Fedora-directory-users] multi-master ports
by Richard Larson
Guys, I'll proffer this question, knowing the answer is staring me right
in the face somewhere.
How do you get multi-masters to monitor the same port, i.e. 389 or 636 for
SSL?
Every time I try to change the port on the second server to 389 it will
not start, stating that the port is already in use.
Thanks in advance
Rich Larson
Do not wait to strike till the iron is hot; but make it hot by striking.
-- William B. Sprague
14 years, 11 months