[Fedora-directory-users] Uninstall FDS
by Nicolas Roussi
Hi, I installed Fedora Directory on Fedora 9 but I need to completely
uninstall it and install it again. I tried searching online as to how
to remove it and the only thing I found was: yum erase fedora-ds.
That does not uninstall it, it just removes the package. Does anyone
know how to uninstall it?
Thanks
14 years, 1 month
[Fedora-directory-users] Uninstall FDS
by Nicolas Roussi
Hi, I installed Fedora Directory on Fedora 9 but I need to completely
uninstall it and install it again. I tried searching online as to how
to remove it and the only thing I found was: yum erase fedora-ds.
That does not uninstall it, it just removes the package. Does anyone
know how to uninstall it?
Thanks
On May 18, 2008, at 12:00 PM, fedora-directory-users-
request(a)redhat.com wrote:
> Send Fedora-directory-users mailing list submissions to
> fedora-directory-users(a)redhat.com
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
> or, via email, send a message with subject or body 'help' to
> fedora-directory-users-request(a)redhat.com
>
> You can reach the person managing the list at
> fedora-directory-users-owner(a)redhat.com
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Fedora-directory-users digest..."
>
>
> Today's Topics:
>
> 1. Re: question on ldapsearching (Howard Chu)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 17 May 2008 09:11:45 -0700
> From: Howard Chu <hyc(a)symas.com>
> Subject: Re: [Fedora-directory-users] question on ldapsearching
> To: fedora-directory-users(a)redhat.com
> Message-ID: <482F03C1.3050603(a)symas.com>
> Content-Type: text/plain; charset=us-ascii; format=flowed
>
>> Date: Fri, 16 May 2008 10:06:38 -0600
>> From: Rich Megginson<rmeggins(a)redhat.com>
>
>> Aaron Bliss wrote:
>>> Hi everyone,
>>> I'm looking to do an ldapsearch and to display only a subset of the
>>> objectclasses and attributes that a list of user has. For example,
>>> I'm only interested in seeing the top, person and organizatoinPerson
>>> objectclasses and their cn, dn and sn attributes. Any ideas?
>>> Thanks.
>> for the cn dn and sn, that's easy;
>> ldapsearch .... "(uid=someperson)" cn dn sn
>>
>> For specific objectclass values, I don't think that's possible.
>>> Aaron
>
> Well, there's RFC3876 for specifying a values return filter, to get
> only the
> desired values. OpenLDAP supports this, anyway.
>
> --
> -- Howard Chu
> CTO, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc/
> Chief Architect, OpenLDAP http://www.openldap.org/project/
>
>
>
> ------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users(a)redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
> End of Fedora-directory-users Digest, Vol 36, Issue 20
> ******************************************************
14 years, 1 month
[Fedora-directory-users] Ldapsearh on dynamic group
by Brian PASSANTE
Hi All,
I use dynamic group to organize my users by I don't know how make a ldapsearch request which anwser all the member of a dynamic group.
Is is possible to do that ?
Does it completely depend on the client side ?
My goal is to set a Role of all the members of a dynamic group to be able to ldapsearch with the nsrole attribute.
Does anybody already try this ? I do not find any information about that.
Thanks for all
Regards
Brian
14 years, 1 month
Re: [Fedora-directory-users] question on ldapsearching
by Howard Chu
> Date: Fri, 16 May 2008 10:06:38 -0600
> From: Rich Megginson<rmeggins(a)redhat.com>
> Aaron Bliss wrote:
>> Hi everyone,
>> I'm looking to do an ldapsearch and to display only a subset of the
>> objectclasses and attributes that a list of user has. For example,
>> I'm only interested in seeing the top, person and organizatoinPerson
>> objectclasses and their cn, dn and sn attributes. Any ideas? Thanks.
> for the cn dn and sn, that's easy;
> ldapsearch .... "(uid=someperson)" cn dn sn
>
> For specific objectclass values, I don't think that's possible.
>> Aaron
Well, there's RFC3876 for specifying a values return filter, to get only the
desired values. OpenLDAP supports this, anyway.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
14 years, 1 month
[Fedora-directory-users] cant lookup unix group
by Sanga M. Collins
I have successfully installed Fedora DS 1.0.4 on an Ubuntu 804 server. I
am trying to setup samba integration and keep running into the same
problem over and over at this step
# net groupmap add rid=2512 ntgroup='Domain Admins' unixgroup='Domain
Admins'
I have searched the net, and this message list for a week trying to find
an answer and haven't been successful. I made sure PAM was working and
communicating with the LDAP server, as well as created the required
groups in FDS (not in /etc/groups). What else do I need to do?? Our
company would like to eliminate AD and go with something different. I am
hoping the FDS will fulfill our needs. Below is the debug from the
command.
sanga@ubuntu-fds:~$ sudo net -debuglevel=10 groupmap add rid=2512
ntgroup='Domain Admins' unixgroup='Domain Admins'
[sudo] password for sanga:
[2008/05/16 10:36:14, 5] lib/debug.c:debug_dump_status(391)
INFO: Current debug levels:
all: True/10
tdb: False/0
printdrivers: False/0
lanman: False/0
smb: False/0
rpc_parse: False/0
rpc_srv: False/0
rpc_cli: False/0
passdb: False/0
sam: False/0
auth: False/0
winbind: False/0
vfs: False/0
idmap: False/0
quota: False/0
acls: False/0
locking: False/0
msdfs: False/0
dmapi: False/0
[2008/05/16 10:36:14, 3] param/loadparm.c:lp_load(5063)
lp_load: refreshing parameters
[2008/05/16 10:36:14, 3] param/loadparm.c:init_globals(1448)
Initialising global parameters
[2008/05/16 10:36:14, 3] param/params.c:pm_process(572)
params.c:pm_process() - Processing configuration file
"/etc/samba/smb.conf"
[2008/05/16 10:36:14, 3] param/loadparm.c:do_section(3802)
Processing section "[global]"
doing parameter workgroup = facility
doing parameter security = user
doing parameter passdb backend = ldapsam:ldap://ubuntu-fds.it-mgt.com
doing parameter ldap admin dn = cn=Directory Manager
doing parameter ldap suffix = dc=it-mgt,dc=com
doing parameter ldap user suffix = ou=People
doing parameter ldap machine suffix = ou=Computers
doing parameter ldap group suffix = ou=Groups
doing parameter log file = /var/log/%m.log
doing parameter socket options = TCP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192
doing parameter os level = 33
doing parameter domain logons = yes
doing parameter domain master = yes
doing parameter local master = yes
doing parameter preferred master = yes
doing parameter wins support = yes
doing parameter logon home = \\%L\%u\profiles
doing parameter logon path = \\%L\profiles\%u
doing parameter logon drive = H:
doing parameter template shell = /bin/false
doing parameter winbind use default domain = no
[2008/05/16 10:36:14, 4] param/loadparm.c:lp_load(5094)
pm_process() returned Yes
[2008/05/16 10:36:14, 7] param/loadparm.c:lp_servicenumber(5232)
lp_servicenumber: couldn't find homes
[2008/05/16 10:36:14, 10] param/loadparm.c:set_server_role(4338)
set_server_role: role = ROLE_DOMAIN_PDC
[2008/05/16 10:36:14, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UCS-2LE
[2008/05/16 10:36:14, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UCS-2LE
[2008/05/16 10:36:14, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UTF-16LE
[2008/05/16 10:36:14, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UTF-16LE
[2008/05/16 10:36:14, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UCS-2BE
[2008/05/16 10:36:14, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UCS-2BE
[2008/05/16 10:36:14, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UTF-16BE
[2008/05/16 10:36:14, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UTF-16BE
[2008/05/16 10:36:14, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UTF8
[2008/05/16 10:36:14, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UTF8
[2008/05/16 10:36:14, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UTF-8
[2008/05/16 10:36:14, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UTF-8
[2008/05/16 10:36:14, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset ASCII
[2008/05/16 10:36:14, 5] lib/iconv.c:smb_register_charset(113)
Registered charset ASCII
[2008/05/16 10:36:14, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset 646
[2008/05/16 10:36:14, 5] lib/iconv.c:smb_register_charset(113)
Registered charset 646
[2008/05/16 10:36:14, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset ISO-8859-1
[2008/05/16 10:36:14, 5] lib/iconv.c:smb_register_charset(113)
Registered charset ISO-8859-1
[2008/05/16 10:36:14, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UCS2-HEX
[2008/05/16 10:36:14, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UCS2-HEX
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/05/16 10:36:14, 5] lib/util.c:init_names(287)
Netbios name list:-
my_netbios_names[0]="UBUNTU-FDS"
[2008/05/16 10:36:14, 2] lib/interface.c:add_interface(81)
added interface ip=10.160.4.145 bcast=10.160.4.255 nmask=255.255.255.0
[2008/05/16 10:36:14, 10] intl/lang_tdb.c:lang_tdb_init(138)
lang_tdb_init: /usr/share/samba/en_US.UTF-8.msg: No such file or
directory
Can't lookup UNIX group Domain Admins
[2008/05/16 10:36:14, 2] utils/net.c:main(1046)
return code = -1
sanga@ubuntu-fds:~$
Sanga M. Collins
Network Engineering
~~~~~~~~~~~~~~~~~~~~~~~
IT Management LLC
6491 Sunset Strip #5,
Sunrise Fl, 33313
Tel: (954) 572 7411,
Fax: (435) 578 7411
14 years, 1 month
[Fedora-directory-users] question on ldapsearching
by Aaron Bliss
Hi everyone,
I'm looking to do an ldapsearch and to display only a subset of the
objectclasses and attributes that a list of user has. For example, I'm
only interested in seeing the top, person and organizatoinPerson
objectclasses and their cn, dn and sn attributes. Any ideas? Thanks.
Aaron
14 years, 1 month
[Fedora-directory-users] mod_nss and FIPS mode
by Mark Price
Hello,
I am having trouble getting mod_nss to work in FIPS mode. Summary of
the problem: mod_nss works fine before FIPS mode is enabled, then
cannot find the certificate after enabling it.
Here is my setup:
CentOS 5 64-bit
Apache 2.2.3 from distro RPM, pre-fork MPM
NSS libraries, tools, etc from distro RPMs (3.11.7-1.3)
I have tried both mod_nss from distro rpm (1.0.3-4) and 1.0.7 compiled
from source
Here is the configuration for mod_nss I am using in Apache. It is
basically the defaults
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
NSSPassPhraseDialog builtin
NSSPassPhraseHelper /usr/sbin/nss_pcache
NSSSessionCacheSize 10000
NSSSessionCacheTimeout 100
NSSSession3CacheTimeout 86400
NSSRandomSeed startup builtin
<VirtualHost _default_:443>
LogLevel warn
NSSEngine on
NSSCipherSuite +rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha
NSSProtocol SSLv3,TLSv1
NSSNickname Server-Cert
NSSCertificateDatabase /etc/httpd/alias
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
NSSOptions +StdEnvVars
</Files>
<Directory "/etc/httpd/cgi-bin">
NSSOptions +StdEnvVars
</Directory>
</VirtualHost>
This is using the /etc/httpd/alias cert database, that the mod_nss RPM
created with a default certificate named Server-Cert.
Using that default configuration, the Apache server starts fine and
loads mod_nss.
However, when I enable FIPS mode in mod_nss (By adding "NSSFIPS on" to
Apache config), I can't get it to find the same server certificate
[Thu May 15 13:41:21 2008] [info] Init: Initializing NSS library
[Thu May 15 13:41:21 2008] [info] Initializing SSL Session Cache of
size 10000. SSL2 timeout = 100, SSL3/TLS timeout = 86400.
[Thu May 15 13:41:21 2008] [error] The server key database has not
been initialized.
[Thu May 15 13:41:21 2008] [info] Init: Initializing (virtual) servers for SSL
[Thu May 15 13:41:21 2008] [error] Certificate not found: 'Server-Cert'
I also tried using modutil to enable FIPS mode on the cert database,
but that did not help:
# modutil -fips true -dbdir /etc/httpd/alias
<snipped warning>
Using database directory /etc/httpd/alias...
FIPS mode enabled.
# modutil -chkfips true -dbdir /etc/httpd/alias
Using database directory /etc/httpd/alias...
FIPS mode enabled.
Could someone please clue me in here. Is there some more extensive
process I need to go through in converting the certificate database to
FIPS mode? I have searched for more relevant info with certutil and
modutil but haven't been able to find anything.
Thanks,
Mark
14 years, 1 month
[Fedora-directory-users] questions
by solarflow99
I have a couple of questions about FDS:
- Is it possible to set a root user (UID=0) I noticed it doesn't seem to let
me log in that way.
- If the clients are authenticating to hostname, how does failover work if
that host went offline? Having a secondary LDAP instance wouldnt really
help would it?
Thanks,
14 years, 1 month
