[Fedora-directory-users] Query Regarding Fedora Directory server 1.0.4
by girishkumar@mtnl.net.in
Hello,
We wish to use Fedora directory server 1.0.4 for our application. The
operating system we use is of Linux Enterprise edition 5.0. Is it
possible to use Fedora 1.0.4 with Linux EL 5.0? If so, what are the
tasks we have to do?
Girish Kumar .G
JTO - Internet
15 years, 11 months
[Fedora-directory-users] Query Regarding Fedora Directory server 1.0.4
by girishkumar@mtnl.net.in
Hello,
We wish to use Fedora directory server 1.0.4 for our application. The
operating system we use is of Linux Enterprise edition 5.1. Is it
possible to use Fedora 1.0.4 with Linux EL 5.1? If so, what are the
tasks we have to do?
Girish Kumar .G
JTO - Internet
15 years, 11 months
[Fedora-directory-users] timeout limit idle connections?
by Kevin Zona
We are seeing a lot of open connections to our server, and I was wondering
what a suggested timeout value would be for connections. We have around 200
clients and two servers that have around 1000+ current connections.
Any opinions appreciated, thanks.
-Kevin
15 years, 11 months
[Fedora-directory-users] Question on hierarchy tree deletion
by Chun Tat David Chu
Hi group,
I've a question about deleting the hierarchy tree using the Fedora DS
provided command line utilities (e.g. ldapdelete, ldapsearch, ldapmodify,
etc.).
Originally, I'm using the "ldapdelete" command from the openldapclient
package with the "-r" flag to do recursive delete on the hierarchy tree, but
I want to know if there's any way I can achieve the same effect by using
command line utilities from the Fedora DS package.
My original thought is to use ldapsearch, set it to return only the "dn"
attribute and sorted by "createtimestamp" attribute. Then use the returned
result and run the ldapdelete command. Assuming a child entry must have a
later "createtimestamp" than the parent entry. However, the result returned
back from ldapsearch is in ascending order of the "createtimestamp"
attribute.
Is there a way to tell the ldapsearch command to sort returned result in
descending order? or
Is there a more efficient way to delete a hierarchy tree through command
line?
Thanks!
David
15 years, 11 months
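An added example, not part of the original post or of the Fedora DS tools: one way to get the children-before-parents order the post above is looking for, by sorting on DN depth instead of "createtimestamp", since a child always has more RDN components than its parent. It assumes the DNs arrive one per line as plain text (already unfolded and decoded); the function names and the sample subtree are constructed for illustration.

```shell
#!/bin/sh
# Added example: order DNs so that every child precedes its parent.
# Input: one DN per line on stdin (plain text, assumed already unfolded).
# Output: the same DNs, deepest first, ready to be reviewed before deletion.

# dn_depth DN -> number of RDN components in DN.
# Backslash escapes (e.g. "\," inside a value) are dropped before counting,
# so only commas that really separate RDNs are counted.
dn_depth() {
    printf '%s\n' "$1" | awk '{
        s = $0
        gsub(/\\./, "", s)        # drop escapes such as \, and \\
        n = gsub(/,/, ",", s)     # count the remaining separators
        print n + 1
    }'
}

# order_leaf_first: read DNs on stdin, print them deepest first.
# Entries at the same depth keep their input order (stable sort).
order_leaf_first() {
    awk 'NF {
        s = $0
        gsub(/\\./, "", s)
        n = gsub(/,/, ",", s)
        printf "%d\t%s\n", n + 1, $0
    }' | sort -s -t "$(printf '\t')" -k1,1nr | cut -f2-
}

# Constructed sample subtree (not taken from the original post).
sample_dns() {
    cat <<'EOF'
ou=People,dc=example,dc=com
uid=alice,ou=People,dc=example,dc=com
cn=Smith\, Bob,ou=Staff,ou=People,dc=example,dc=com
ou=Staff,ou=People,dc=example,dc=com
EOF
}

sample_dns | order_leaf_first
```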
[Fedora-directory-users] error while using migrate-ds-admin.pl from 1.04 to 1.1.0
by Tony
Hi,
I'm trying to upgrade from 1.0.4 to 1.1.0 on a CentOS 5 system. I tested
everything in a vm and all went fine, but come to the real live server and
when I try to migrate the data, this happens:
[root@sputnik ~]# migrate-ds-admin.pl -f temp.inf
Beginning migration of Directory and Administration servers from
/opt/fedora-ds . . .
Beginning migration of directory server instances in /opt/fedora-ds . . .
Your new DS instance 'slapd-directory' was successfully created.
[18/Apr/2008:22:34:50 +0100] createprlistensockets - PR_Bind() on All
Interfaces port 389 failed: Netscape Portable Runtime error -5982 (Local
Network address is in use.)
[18/Apr/2008:22:34:50 +0100] createprlistensockets - PR_Bind() on All
Interfaces port 389 failed: Netscape Portable Runtime error -5982 (Local
Network address is in use.)
Could not start the directory server using command
'/usr/lib/dirsrv/slapd-directory/start-slapd'. The last line from the error
log was '[18/Apr/2008:22:34:50 +0100] createprlistensockets - PR_Bind() on
All Interfaces port 389 failed: Netscape Portable Runtime error -5982 (Local
Network address is in use.)
'. Error: Unknown error 256
Exiting . . .
Log file is '/tmp/migrateCGDfkB.log'
Anyone seen this before, or can help me get around it? I think the migrate
script is trying to start the new ldap server having not managed to stop the
old one - does that make sense? But the old version has to be running in
order to do the migration.... catch 22?
Cheers,
Tony
15 years, 11 months
[Fedora-directory-users] DS doesn't load sudo and host attribute schemas - just silently ignores them
by Itonohito
Hello!
I've installed Fedora DS 1.1 on Fedora Core 7. Configured and running.
Now I'm trying to add the following two schemas to it:
1. Schema, adding host attribute to restrict login access for users on a per-host basis:
#---------------------------------------------------------------------
#
dn: cn=schema
#
#---------------------------------------------------------------------
#
# objectClasses: ( 1.3.6.1.4.1.5322.17.1.1 NAME 'authorizedServiceObject' DESC
'Auxiliary object class for adding authorizedService attribute' SUP top
AUXILIARY MAY authorizedService )
#
objectClasses: (
1.3.6.1.4.1.5322.17.1.1
NAME 'authorizedServiceObject'
DESC 'Auxiliary object class for adding authorizedService attribute'
SUP top
AUXILIARY
MAY authorizedService
)
#
#---------------------------------------------------------------------
#
# objectClasses: ( 1.3.6.1.4.1.5322.17.1.2 NAME 'hostObject' DESC 'Auxiliary
object class for adding host attribute' SUP top AUXILIARY MAY host )
#
objectClasses: (
1.3.6.1.4.1.5322.17.1.2
NAME 'hostObject'
DESC 'Auxiliary object class for adding host attribute'
SUP top
AUXILIARY
MAY host
)
#
#---------------------------------------------------------------------
#
# attributeTypes: ( 1.3.6.1.4.1.5322.17.2.1 NAME 'authorizedService' DESC 'IANA
GSS-API authorized service name' EQUALITY caseIgnoreMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15{256} )
#
attributeTypes: (
1.3.6.1.4.1.5322.17.2.1
NAME 'authorizedService'
DESC 'IANA GSS-API authorized service name'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
)
2. Schema for sudo support:
#---------------------------------------------------------------------
#
dn: cn=schema
#
#---------------------------------------------------------------------
#
# attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who
may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
#
attributeTypes: (
1.3.6.1.4.1.15953.9.1.1
NAME 'sudoUser'
DESC 'User(s) who may run sudo'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
#
#---------------------------------------------------------------------
#
# attributeTypes: ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC 'Host(s) who
may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
#
attributeTypes: (
1.3.6.1.4.1.15953.9.1.2
NAME 'sudoHost'
DESC 'Host(s) who may run sudo'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
#
#---------------------------------------------------------------------
#
# attributeTypes: ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC 'Command(s)
to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX
1.3.6.1.4.1.1466.115.121.1.26 )
#
attributeTypes: (
1.3.6.1.4.1.15953.9.1.3
NAME 'sudoCommand'
DESC 'Command(s) to be executed by sudo'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
#
#---------------------------------------------------------------------
#
# attributeTypes: ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC 'User(s)
impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX
1.3.6.1.4.1.1466.115.121.1.26 )
#
attributeTypes: (
1.3.6.1.4.1.15953.9.1.4
NAME 'sudoRunAs'
DESC 'User(s) impersonated by sudo'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
Both are created by the RFC2252 compliant converter ol2rhds.pl, found on the Fedora DS
Wiki site.
I placed those two schemas as files 70host.ldif and 71sudoers.ldif into the schema
subdirectory of dirsrv (to be exact - I placed three schemas, but the third one -
for dhcp, works fine). And restarted the server. But the server doesn't load them, it looks
like it doesn't even see them. They have ownership and permissions exactly the
same as all other schema files in that directory though. Here's the full list of
schema files:
00core.ldif
01common.ldif
05rfc2247.ldif
05rfc2927.ldif
10presence.ldif
10rfc2307.ldif
20subscriber.ldif
25java-object.ldif
28pilot.ldif
30ns-common.ldif
50ns-admin.ldif
50ns-certificate.ldif
50ns-directory.ldif
50ns-mail.ldif
50ns-value.ldif
50ns-web.ldif
60pam-plugin.ldif
64ldapdhcp.ldif
70host.ldif
71sudoers.ldif
99user.ldif
And I see no errors in the error-log. I turned on output of all debug data into the log
file via Management Console and restarted the server again - there is a huge amount
of debug info in the error-log - but nothing about those two schemas...
Here is the part of the log where the server loads schema files:
[19/Apr/2008:06:51:43 -0400] - => str2entry_dupcheck
[19/Apr/2008:06:51:43 -0400] - <= str2entry_dupcheck 0x6cb0a0 "cn=schema"
[19/Apr/2008:06:51:43 -0400] - dse_read_one_file processing entry "cn=schema" in
file /etc/dirsrv/slapd-ldap1/schema/60pam-plugin.ldif
[19/Apr/2008:06:51:43 -0400] - slapi_str2entry: flags=0xc0, entry="#
#***********************************************..."
[19/Apr/2008:06:51:43 -0400] - => str2entry_dupcheck
[19/Apr/2008:06:51:43 -0400] - <= str2entry_dupcheck 0x6cb0a0 "cn=schema"
[19/Apr/2008:06:51:43 -0400] - dse_read_one_file processing entry "cn=schema" in
file /etc/dirsrv/slapd-ldap1/schema/64ldapdhcp.ldif
[19/Apr/2008:06:51:43 -0400] - slapi_str2entry: flags=0xc0, entry="dn: cn=schema
objectClass: top
objectClass: ldapSu..."
[19/Apr/2008:06:51:43 -0400] - => str2entry_dupcheck
[19/Apr/2008:06:51:43 -0400] - <= str2entry_dupcheck 0x6cb0a0 "cn=schema"
[19/Apr/2008:06:51:43 -0400] - dse_read_one_file processing entry "cn=schema" in
file /etc/dirsrv/slapd-ldap1/schema/99user.ldif (primary file)
Can somebody give me any clue? What did I miss, what did I do wrong?...
--
Yours truly,
Oleg
15 years, 11 months
[Fedora-directory-users] Passwords with Unicode characters
by Howard Wilkinson
We have run into a 'funny': when using the password_modify plugin we get
an unexpected result in trying to set a password. The password used had
a '£' (British Pound Symbol) in it. The server accepted the password but
would not allow the use of the same string to log in. I suspect that the
passwords are being 8th bit stripped. Is this possible, correct, and
what should happen?
Is there any facility to set a Unicode string as a password? If so, what
format (UTF-8, UTF-16[BE|LE], ...) should it take?
Regards, Howard
--
Howard Wilkinson
Coherent Technology Limited
23 Northampton Square,
United Kingdom, EC1V 0HL
Phone: +44(20)76907075
Fax:
Mobile: +44(7980)639379
Email: howard(a)cohtech.com
15 years, 11 months
[Fedora-directory-users] Group membership
by Kronsteiner Bernhard
Hi all!
I have two installations of the fedora directory server, A and B. Now I
have users which are located on the server B who should have to be in
groups on server A. Is this possible in a way or do I have to replicate
those users who should have permissions on server A?
Thanks in advance,
Bernhard
_______________________________________
DI (FH) Bernhard Kronsteiner
Software Development
computer betting company gmbh
Commerz Park West | 4061 Pasching | Austria
Phone: +43.732.681666 - 0
Bernhard.Kronsteiner(a)cbc-x.com | www.cbc-x.com
Company Headquarters: Fuchselbachstrasse 7 | 4060 Leonding | Austria
Executive Board: Peter Matausch, Mag. Karl Sturmer
15 years, 11 months