[Fedora-directory-users] Allow root to change user's passwords
by Orion Poplawski
I'm used to being able to change users' passwords as root using the
"passwd" command on my main server (this was with NIS and the master
shadow file kept on the server). Now with FDS, I get:
# passwd orion
Changing password for user orion.
Enter login(LDAP) password:
and I must enter the password for the user "orion". This gets tricky
when the user has forgotten their password.
Is there a way to avoid this first check and allow root to force a
change of the password?
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA/CoRA Division FAX: 303-415-9702
3380 Mitchell Lane orion(a)cora.nwra.com
Boulder, CO 80301 http://www.cora.nwra.com
14 years, 10 months
[Fedora-directory-users] Password
by Per Qvindesland
Hi List
Does anyone know how I can configure it to automatically set the username as
the first password so the user can change the password on first login?
Regards
Per Qvindesland
15 years
[Fedora-directory-users] Too many FDS open
by James Chavez
Hello Rich, list,
Earlier today we started getting this error in our FDS error log
repeatedly. Obviously connections were being refused at this point. I
had to restart the directory server for the server to function again.
Prior to releasing this box into production I did set the parameters
according to the Installation guide specifications. The output of
"ulimit -n" is 8192. The output of "sysctl -p" is below. (I increased
fs.file-max from 64000.) Does anything look off?
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 300
fs.file-max = 128000
net.ipv4.ip_local_port_range = 1024 65000
I also changed the setting in the config from
nsslapd-maxdescriptors: 1024 to
nsslapd-maxdescriptors: 8192
Is there a way to tweak these settings so that this will not happen in
the future?
This is a dedicated consumer or read only replica.
Directory size is roughly 20,000 users.
We are running FC9 and FDS 1.1.1-3.
We are lacking in RAM but look to improve on that shortly.
I do see on the web past posts to this list regarding this error, I am
currently looking through them. Is there anyone out there that has
experienced this and gotten past it?
Thanks
James
[25/Feb/2009:13:30:08 -0600] - Not listening for new connections - too many fds open
[25/Feb/2009:13:30:08 -0600] - Listening for new connections again
[25/Feb/2009:13:30:08 -0600] - Not listening for new connections - too many fds open
[25/Feb/2009:13:30:08 -0600] - Listening for new connections again
15 years
[Fedora-directory-users] udev rules
by Ramiro Fabricio Pulgar Montero
Hi,
I want to know if I could assign udev rules through ldap / fedora directory server. I was looking for this information but I can't find it.
Thanks a lot for your help
Regards / Saludos
Ramiro Fabricio Pulgar M.
Mobile: (593 9) 2751705
Office: (593 2) 6007777 ext 206
MSN: milovisho(a)hotmail.com
Skype: milovisho
“An expert is a man who has made all the mistakes which can be made in a narrow field” – Niels Bohr
15 years
[Fedora-directory-users] SSL failure
by Emmanuel BILLOT
Hi,
I want to import a personal cert generated like this:
* /usr/bin/openssl x509 -extfile .cfg -days 365 -CAserial ca.ser -CA ca.crt -CAkey ca.key -in toutou.csr -req -out toutou.crt
I make a PKCS12 export:
* /usr/bin/openssl pkcs12 -export -in toutou.crt -inkey toutou.key -certfile ca.crt -name "toutou" -caname "toutou" -out toutou.p12
I introduce it in the FDS db:
* pk12util -d /etc/dirsrv/slapd-ldapnew -n "toutou" -i toutou.p12
I check the import:
* certutil -L -d /etc/dirsrv/slapd-ldapnew
I configure FDS to use SSL encryption with the management console, and
restart it.
It fails with error :
[27/Feb/2009:13:59:17 +0100] - SSL alert: CERT_VerifyCertificateNow: verify certificate failed for cert toutou of family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8101 - Certificate type not approved for application.)
[27/Feb/2009:13:59:17 +0100] - SSL failure: None of the cipher are valid
What's wrong ?
Is there any special option to give to openssl for generating cert ?
BR,
--
==========================================
Emmanuel BILLOT
IRD - Orléans
Délégation aux Systèmes d'Information (DSI)
tél : 02 38 49 95 88
==========================================
15 years
[Fedora-directory-users] Managing key3.db file
by Emmanuel BILLOT
Hi,
I want to use an external certificate (not generated by FDS/RHDS console).
I have a crt file and a key file.
Is there any method to add the key file to key3.db ?
Is it possible to add a "not FDS generated cert" to FDS?
BR,
--
==========================================
Emmanuel BILLOT
IRD - Orléans
Délégation aux Systèmes d'Information (DSI)
tél : 02 38 49 95 88
==========================================
15 years
[Fedora-directory-users] Password policy don't work on a subtree
by Hugo Etievant
hello,
Version: Directory Server 1.1.3 on Fedora 8, 64-bit platform.
When I configure a password policy on a subtree of my directory, this
policy does not work.
When I configure a global password policy, this global policy works but
ignores the local policies of subtrees.
When I look at the database LDIF backup, I do not find the
"passwordMinLength" attribute for the local password policy for subtrees,
but this attribute exists in the dse ldif for the global policy!
How can I resolve this?
regards
--
* Hugo Étiévant *
15 years
[Fedora-directory-users] Creating a Certificate With Multiple Hostnames
by Emmanuel BILLOT
Hi,
We need to bind to an FDS in secure mode, with clients using several
hostnames for this server.
Is it possible to create a multiple hostname certificate ?
BR,
--
==========================================
Emmanuel BILLOT
IRD - Orléans
Délégation aux Systèmes d'Information (DSI)
tél : 02 38 49 95 88
==========================================
15 years
Re: Re: [Fedora-directory-users] unique uid problem
by Eric
Yes, but it operates only when I use the console to add a new user id. When I use
the ldapadd command to add users with LDIF files, some users with the same
value in uid are added. Where is the problem?
>
>> >
>> > Message: 2
>> > Date: Mon, 23 Feb 2009 12:08:01 +0100
>> > From: Roberto Polli <rpolli(a)babel.it>
>> > Subject: Re: [Fedora-directory-users] unique uid problem
>> > To: "General discussion list for the Fedora Directory server
>> > project."
>> > <fedora-directory-users(a)redhat.com>
>> > Message-ID: <200902231208.01500.rpolli(a)babel.it>
>> > Content-Type: text/plain; charset="iso-8859-15"
>> >
>> > On Monday 23 February 2009 03:08:56 John A. Sullivan III
>> > wrote:
>> > > > when I want to make a new user in fedora-ds using
>> > console, can't set
>> > > > the value that exists before for uid but when using
>> > command line for
>> > > > ldapadd, it adds replicated uid value.
>> > which uid?
>> > nsUniqueId or EntryUUID
>> >
>> > Peace, R.
>> --
>> John A. Sullivan III
>> Open Source Development Corporation
>> +1 207-985-7880
>> jsullivan(a)opensourcedevel.com
>>
>> http://www.spiritualoutreach.com
>> Making Christianity intelligible to secular society
15 years