[Fedora-directory-users] Re: Fedora DS Installation
by Gene Poole
Rich Megginson wrote:
>
> Can you describe exactly what you are trying to do?
>
> Not directly with RPM. The Fedora DS RPMs we provide are not
> relocateable. They abide by the FHS -
> http://directory.fedoraproject.org/wiki/FHS_Packaging
>
> If you want to build it from source, you can provide a specific prefix
> or use the default prefix /opt/fedora-ds.
>
> There may be other ways to achieve what you want to do. Please provide
> more details.
>
If you remember older releases came as tar balls which allowed me to
determine where I wanted the software and create a file system ahead of
time. Since it started using RPMs, I can no longer build a server and
create all of the file systems ahead of time, because how will I know if
they decide to move it next week? next month? next year?
Thanks,
Gene Poole
15 years, 8 months
[Fedora-directory-users] Fedora DS Installation
by Gene Poole
I would like to install the latest release of Fedora Directory Server onto
a specific filesystem. Does anyone know how this can be done? Is it
possible using RPM?
Thanks,
Gene Poole
15 years, 8 months
[Fedora-directory-users] password sync documentation
by omight
Hi,
I'm trying to follow the documentation to set up synchronisation to
Windows Active Directory.
From the documentation:
http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Windows_Sync-Configu...
[quote]
2. Create a new cert8.db and key.db using certutil.exe on the Password
Sync machine.
certutil.exe -d . -N
ln -s slapd-serverID-cert8.db cert8.db
ln -s slapd-serverID-key3.db key3.db
[/quote]
If I execute that in a new directory:
# certutil.exe -d . -N
# ln -s slapd-rhds-cert8.db cert8.db
ln: creating symbolic link `cert8.db' to `slapd-rhds-cert8.db': File exists
I don't follow why the ln -s should be executed? Why not start with part 3:
On the Directory Server, export the server certificate using pk12util.
pk12util -d . -o servercert.pfx -n Server-Cert
Because SSL is already configured on this linux machine, so I guess I
can use the server-cert from that cert8.db?
Can someone clarify/confirm this? Thanks!
15 years, 8 months
[Fedora-directory-users] Single master or multiple master for Active Directory Sync
by ken oh
Hello everybody,
I would like to know what's the best replica role option between single master and multiple master when you configure the database for an Active Directory sync.
I've got another question: Is it possible to synchronize AD and FDS if AD is in native mode?
15 years, 8 months
[Fedora-directory-users] Configuration Directory Server failover
by Mister Anonyme
Hi,
I installed and configured many LDAP servers in a multi-master environment. It works very well.
Now, I want to do a failover of the Configuration Directory Server between two masters, just in case. I tried to follow the instructions right here:
http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Replication...
It's just as clear as mud...
I would really like to have a real-life scenario example to help me because I'm struggling to configure it and it doesn't work at all.
For example, step 1 instructs us to create a file.inf and 4 ldif files:
0.- file.inf
FullMachineName = MY FULL HOSTNAME
AdminDomain = MY DOMAIN NAME
SuiteSpotUserID = nobody
SuiteSpotGroup = nobody
ConfigDirectoryLdapURL = ldap://MY FULL HOSTNAME:389/o=NetscapeRoot
ConfigDirectoryAdminID = admin
ConfigDirectoryAdminPwd = MY PASSWORD
[admin]
ServerAdminID = admin
ServerAdminPwd = MY PASSWORD
SysUser = nobody
ServerIpAddress = MY SERVER IP ADDRESS
Port = 9830
[slapd]
InstallLdifFile = suggest
ServerIdentifier = MY SERVER HOSTNAME
ServerPort = 389
AddOrgEntries = Yes
RootDN = cn=Directory Manager
RootDNPwd = MY DS PASSWORD
SlapdConfigForMC = yes
Suffix = dc=EXAMPLE, dc=NET
UseExistingMC = 0
AddSampleEntries = Yes
ConfigFile = repluser.ldif
ConfigFile = changelog.ldif
ConfigFile = replica.ldif
ConfigFile = replagreement.ldif
1.- repluser.ldif
dn: cn=replication manager,cn=config
changetype: add
objectClass: inetorgperson
objectClass: person
objectClass: top
cn: replication manager
sn: RM
userPassword: MY ENCRYPTED PASSWORD
passwordExpirationTime: 20380119031407Z
2.- changelog.ldif
dn: cn=changelog5,cn=config
changetype: add
objectclass: top
objectclass: extensibleObject
cn: changelog5
nsslapd-changelogdir: /var/lib/dirsrv/slapd-MYINSTANCE/changelogdb
3.- replica.ldif
dn: cn=replica,cn="o=NetscapeRoot",cn=mapping tree,cn=config
changetype: add
objectclass: top
objectclass: nsds5replica
objectclass: extensibleObject
cn: replica
nsds5replicaroot: o=NetscapeRoot
nsds5replicaid: 1
nsds5replicatype: 3
nsds5flags: 1
nsds5ReplicaPurgeDelay: 604800
nsds5ReplicaBindDN: cn=replication manager,cn=config
4.- replagreement.ldif
dn: cn=replication_netscaperoot,cn=replica,cn="o=Netscaperoot",cn=mapping tree,cn=config
changetype: add
objectclass: top
objectclass: nsds5replicationagreement
cn: replication_netscaperoot
nsds5replicahost: SECONDARY LDAP SERVER HOSTNAME
nsds5replicaport: 389
nsds5ReplicaBindDN: cn=replication manager
nsds5replicabindmethod: SIMPLE
nsds5replicaroot: o=Netscaperoot
description: replication netscaperoot
nsds5replicacredentials: ENCRYPTEDPASSWORD
nsds5BeginReplicaRefresh: start
Then, I ran: /usr/sbin/setup-ds-admin.pl -s -f file.inf
It went without errors.
And then... I don't see any replica nor replica agreement. Even the user "cn=replication manager,cn=config" doesn't appear in the console.
So, I'm wondering if any of you has succeeded in configuring a replication/failover of o=NetscapeRoot? If yes, I would greatly appreciate it if you could put your examples in a real-life scenario, it would help me a lot.
Thank you very much!
15 years, 8 months
[Fedora-directory-users] replication spam
by Luke Bigum
Hi guys, has anyone come across this error before? It starts about a minute after restarting the directory server and repeats every second.
[15/Jul/2008:17:03:05 +1000] NSMMReplicationPlugin - changelog program - libdb: f9d40083-1dd111b2-b30d81db-66a20000_48337401000000010000.db4: unable to flush: No such file or directory
[15/Jul/2008:17:03:05 +1000] NSMMReplicationPlugin - changelog program - libdb: txn_checkpoint: failed to flush the buffer cache No such file or directory
It's only seen with replication debug logging on, however I don't want to disable this logging as it's helping me catch an MMR bug: https://bugzilla.redhat.com/show_bug.cgi?id=442170
On that note, any word on when the fix for https://bugzilla.redhat.com/show_bug.cgi?id=442170 is getting officially released?
Thanks,
-Luke
--
Luke Bigum
Systems Administrator
iseek Communications Pty Ltd
Excellence in business data solutions
ph 1300 661 668 fax 1300 661 540
www.iseek.com.au
15 years, 8 months
[Fedora-directory-users] Fedora DS Installation
by Gene Poole
I would like to install the latest release of Fedora Directory Server onto
a specific filesystem. Does anyone know how this can be done? Is it
possible using RPM?
TIA,
Gene Poole
15 years, 8 months
[Fedora-directory-users] Creating backup LDAP server.
by John Oliver
One of the projects on my plate is to have a working backup of an
existing fedora-ds server. I installed fedora-ds under CentOS 5.2 and
copied over the files that result from ns-slapd db2archive from the
existing server to the new machine.
First off, I know nothing about LDAP or fedora-ds in particular :-)
After looking at the existing server and what I had after installing on
the new server, I decided that running /usr/sbin/setup-ds-admin.pl was
probably necessary. I went through, answering the questions as best I
could (and figuring that the answers would be overwritten when I
restored the backup). I got this:
[08/07/10:10:18:52] - [Setup] Info Are you ready to set up your servers?
[08/07/10:10:18:56] - [Setup] Info yes
[08/07/10:10:18:56] - [Setup] Info Creating directory server . . .
[08/07/10:10:18:59] - [Setup] Info Your new DS instance 'unix-services2' was successfully created.
[08/07/10:10:18:59] - [Setup] Info Creating the configuration directory server . . .
[08/07/10:10:22:08] - [Setup] Fatal Error: failed to open an LDAP connection to host 'unix-services2.my.domain.com.com' port '389' as user 'cn=Directory Manager'. Error: unknown.
[08/07/10:10:22:08] - [Setup] Fatal Failed to create the configuration directory server
[08/07/10:10:22:08] - [Setup] Fatal Exiting . . .
Log file is '/tmp/setupVSpvCl.log
Yes, that's two ".com"s. No idea why.
So, I stop the dirsrv process and try:
[root@localhost ~]# ns-slapd archive2db -D /etc/dirsrv/slapd-unix-services2 -a /var/lib/dirsrv/slapd-unix-services2/in
[10/Jul/2008:11:05:39 -0700] - ERROR: target server has no NetscapeRoot configured
[10/Jul/2008:11:05:39 -0700] - archive2db: Failed to read backup file set. Either the directory specified doesn't exist, or it exists but doesn't contain a valid backup set, or file permissions prevent the server reading the backup set. error=53 (Invalid request descriptor)
I have no idea what a NetscapeRoot is, why I would want one, or how I'd
get it. Googling didn't help me... I found many references to "-0
netscaperoot", but that seems to be in reference to
/etc/dirsrv/admin-serv/adm.conf which does not exist on my new server.
What is the easiest way for me to do this? Can I simply copy adm.conf
(and other files? Which ones?) from the existing server? Or is there
some mysterious problem about why the setup script couldn't contact the
LDAP server which is to blame?
--
***********************************************************************
* John Oliver http://www.john-oliver.net/ *
* *
***********************************************************************
15 years, 8 months
[Fedora-directory-users] Accessing Management Console
by John Oliver
fedora-idm-console asks me for User ID and Password (which I should
have), but wants an "Administration URL" as well. So far, nothing is
working. I've tried http://localhost/ http://localhost:9830 and my FQDN
as well as FQDN:9830. None work. What does it want? I've tried against
two servers that I can access 9830 via a web browser. It always says:
Cannot connect to the Admin Server "http:/"
The URL is not correct or the server is not running
It says it just like that... "http:/" Almost like it cannot read past
six characters.
--
***********************************************************************
* John Oliver http://www.john-oliver.net/ *
* *
***********************************************************************
15 years, 8 months
[Fedora-directory-users] Question on monitoring authorization
by Chun Tat David Chu
Hi all,
I've a question on monitoring authorization.
When a user without sufficient privileges performs a search request on
the LDAP, the user will receive an empty result from the LDAP.
I followed the instruction from the Red Hat Directory Server Administrator's
Guide and set the access mode to 777 to log all read, write and execute
commands.
When I look at the log of an unauthorized user, all I see is the following
[07/Jul/2008:11:08:37 -0400] conn=42 op=81 SRCH base="ou=sandbox,ou=my_test,dc=example,dc=com" scope=1 filter="(objectClass=*)" attrs="objectClass javaClassName"
[07/Jul/2008:11:08:37 -0400] conn=42 op=81 RESULT err=0 tag=101 nentries=0 etime=0
The log doesn't indicate any authorization error. I was wondering if
there's additional settings that I can set on Fedora DS so I can easily tell
if a user is not authorized to perform a search operation on the LDAP.
Thanks!
- David
15 years, 8 months
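An added example (not part of the original post and not Fedora DS code): a heuristic that pairs each SRCH line with its RESULT by conn/op and reports searches that finished with err=0 and nentries=0, together with the bind DN of the connection. The sample log is constructed around the two lines quoted in the post; the bind DNs and conn=43 are assumptions, and an empty result can equally mean the subtree has no matching entries.

```python
import re
from collections import Counter

# Constructed sample; only the conn=42 op=81 SRCH/RESULT pair comes from the post.
SAMPLE_LOG = '''\
[07/Jul/2008:11:08:30 -0400] conn=42 op=0 BIND dn="uid=guest,ou=people,dc=example,dc=com" method=128 version=3
[07/Jul/2008:11:08:30 -0400] conn=42 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=guest,ou=people,dc=example,dc=com"
[07/Jul/2008:11:08:37 -0400] conn=42 op=81 SRCH base="ou=sandbox,ou=my_test,dc=example,dc=com" scope=1 filter="(objectClass=*)" attrs="objectClass javaClassName"
[07/Jul/2008:11:08:37 -0400] conn=42 op=81 RESULT err=0 tag=101 nentries=0 etime=0
[07/Jul/2008:11:09:02 -0400] conn=43 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[07/Jul/2008:11:09:02 -0400] conn=43 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[07/Jul/2008:11:09:05 -0400] conn=43 op=1 SRCH base="ou=sandbox,ou=my_test,dc=example,dc=com" scope=1 filter="(objectClass=*)" attrs="cn"
[07/Jul/2008:11:09:05 -0400] conn=43 op=1 RESULT err=0 tag=101 nentries=3 etime=0
'''

LINE = re.compile(r'^\[[^\]]+\] conn=(\d+) op=(-?\d+) ([A-Z]+)(.*)$')
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def empty_searches(log_text):
    """Pair SRCH with RESULT by (conn, op); return err=0/nentries=0 searches."""
    bound, pending, hits = {}, {}, []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # connection open/close lines and noise
        conn, op, verb, rest = m.groups()
        fields = {k: quoted or bare for k, quoted, bare in KV.findall(rest)}
        if verb in ("BIND", "SRCH"):
            pending[(conn, op)] = (verb, fields)
        elif verb == "RESULT" and (conn, op) in pending:
            kind, req = pending.pop((conn, op))
            if fields.get("err") != "0":
                continue  # real errors are already visible in the log
            if kind == "BIND":
                bound[conn] = req.get("dn") or "anonymous"
            elif fields.get("nentries") == "0":
                hits.append({"bind_dn": bound.get(conn, "anonymous"),
                             "base": req.get("base"), "filter": req.get("filter")})
    return hits

def summarize(hits):
    """Count empty searches per (bind DN, base) so repeated misses stand out."""
    return Counter((h["bind_dn"], h["base"]) for h in hits)

if __name__ == "__main__":
    for (dn, base), n in summarize(empty_searches(SAMPLE_LOG)).items():
        print(f"{n} empty search(es) by {dn} under {base}")
```

Each log record must be on a single line before parsing; records wrapped by a mail client will not match.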