[Fedora-directory-users] Problem with mmldif tool
by neuron ring
Hi all,
I need a clarification regarding the mmldif tool in Red Hat-Directory/8.0.0 B2007.353.1140.
1. I need to merge two input files using the mmldif tool.
2. I'm exporting it to an ldif file using the db2ldif tool:
/opt/dirsrv/slapd-<instance1>/db2ldif -n <backend_instance1>
/opt/dirsrv/slapd-<instance1>/db2ldif -n <backend_instance2>
3. I got two ldif files by exporting the two directory server instance
databases.
One.ldif

dn: sn=Jensen,dc=siroe,dc=com
objectclass: top
objectclass: person
cn: Babs Jensen
sn: Jensen
telephoneNumber: 555-5550
createTimestamp: 100

dn: sn=Minsky,dc=siroe,dc=com
objectclass: top
objectclass: person
cn: Pete Minsky
sn: Minsky
telephoneNumber: 555-5551
createTimestamp: 100

dn: sn=Rose,dc=siroe,dc=com
objectclass: top
objectclass: person
cn: Paula Rose
sn: Rose
telephoneNumber: 555-5552
createTimestamp: 100

Two.ldif

dn: sn=Jensen,dc=siroe,dc=com
objectclass: top
objectclass: person
cn: Babs Jensen
sn: Jensen
telephoneNumber: 555-5550
createTimestamp: 100

dn: sn=Minsky,dc=siroe,dc=com
objectclass: top
objectclass: person
cn: Pete Minsky
sn: Minsky
telephoneNumber: 555-5559
modifyTimestamp: 200

dn: sn=Morris,dc=siroe,dc=com
objectclass: top
objectclass: person
cn: Ted Morris
sn: Morris
telephoneNumber: 555-5558
createTimestamp: 200

dn: sn=Rose,dc=siroe,dc=com
objectclass: nsTombstone
deleteTimestamp: 200

4. Now I'm trying to use the mmldif tool.
5. /opt/dirsrv/bin/mmldif -c -D -o /home/neuronring/output.ldif /home/neuronring/one.ldif /home/neuronring/two.ldif
6. Finally, everything was IN VAIN; I got the following error:
[18/Mar/2009:11:35:04 +051800] - finger printing directory 0
[18/Mar/2009:11:35:04 +051800] - db0: dn: sn=Jensen,dc=siroe,dc=com
/opt/dirsrv/bin/mmldif[50]: 18247 Memory fault(coredump)
The following files are created in my path.
1. one.ldif.delta
2. two.ldif.delta
These two files have no data (0 bytes in size).
3. core – size 1882552 bytes
I even tried exporting the database with the -r option (for replica) after
stopping the instance. I'm getting this error continuously with different
error numbers, like /opt/dirsrv/bin/mmldif[50]: 10854 Memory
fault(coredump).
Somebody please suggest how to resolve this issue.
Thanks in advance,
Neuron Ring.
15 years
[Fedora-directory-users] Sync diff subtrees ?
by Emmanuel BILLOT
Hi,
Yet a new pb (sorry :-( )
I try to sync to different subtrees
ou=People,dc=orleans,dc=ird,dc=fr and
cn=utilisateurs,cn=orleans,dc=ird,dc=fr
Since the replication assistant asked for each subtree, I thought it was
easy to map them together.
Logs say :
[19/Mar/2009:14:53:33 +0100] NSMMReplicationPlugin - received entry from
dirsync: CN=toutou,CN=Users,DC=ird,DC=fr
[19/Mar/2009:14:53:33 +0100] NSMMReplicationPlugin - agmt="cn=j"
(porlsvrdc0003:636): windows_process_total_entry: Looking
dn="uid=zizou,ou=People,dc=orleans,dc=ird,dc=fr" (ours)
[19/Mar/2009:14:53:33 +0100] NSMMReplicationPlugin - agmt="cn=j"
(porlsvrdc0003:636): map_entry_dn_outbound: looking for AD entry for DS
dn="uid=zizou,ou=People,dc=orleans,dc=ird,dc=fr" guid="(null)"
[19/Mar/2009:14:53:33 +0100] NSMMReplicationPlugin - agmt="cn=j"
(porlsvrdc0003:636): map_entry_dn_outbound: looking for AD entry for DS
dn="uid=zizou,ou=People,dc=orleans,dc=ird,dc=fr" username="zizou"
[19/Mar/2009:14:53:33 +0100] - Calling windows entry search request plugin
[19/Mar/2009:14:53:33 +0100] NSMMReplicationPlugin - agmt="cn=j"
(porlsvrdc0003:636): map_entry_dn_outbound: entry not found - rc -1
Any idea ?
BR,
--
==========================================
Emmanuel BILLOT
IRD - Orléans
Délégation aux Systèmes d'Information (DSI)
tél : 02 38 49 95 88
==========================================
15 years
Re: [Fedora-directory-users] Nothing happens on Win Sync ?
by Emmanuel BILLOT
Emmanuel BILLOT wrote:
> Many tests give the following result
>
> [root@ldapnew slapd-ldapnew]# /usr/lib/mozldap/ldapsearch -h
> porlsvrdc0003.ird.fr -p 636 -D "cn=toutou,cn=Users,dc=ird,dc=fr" -w -
> -Z -P /etc/dirsrv/slapd-ldapnew/cert8.db -s base -b "" "objectclass=*"
> Enter bind password:
> ldap_simple_bind: Can't contact LDAP server
> SSL error -8183 (security library: improperly formatted
> DER-encoded message.)
>
> However, cert seems to be ok:
> - ldaps:636 works on ldap.exe client (Windows)
> - ldaps:636 works on ldapsearch -x -H ldaps://porlsvrdc0003.ird.fr -D
> "cn=toutou,cn=Users,dc=ird,dc=fr" -W -b "dc=ird,dc=fr" with the
> "classic" ldapsearch client
>
> How can I debug it?
>
> BR,
>
OK, I found what was wrong: the request.inf from which the req cert is
generated contained an unknown item value
[Extensions]
2.5.29.17=xxxxxxxx
The inf file without the extensions section generates a good req file and
then a valid cert.
BR,
--
==========================================
Emmanuel BILLOT
IRD - Orléans
Délégation aux Systèmes d'Information (DSI)
tél : 02 38 49 95 88
==========================================
15 years
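A strict DER walk over a subjectAltName (OID 2.5.29.17) extension value, showing the kind of check that rejects a value which is not an encoded GeneralNames sequence. This is an added example, not code from the thread; it assumes the `[Extensions]` value reached the request as bytes that are not valid DER, and `read_tlv`, `check_san_value` and `san_problem` are hypothetical helper names.

```python
# Added example; read_tlv, check_san_value and san_problem are hypothetical helper names.
def read_tlv(buf, pos=0):
    """Parse one DER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: the byte is the length
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("indefinite, oversized or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if buf[pos] == 0 or length < 0x80:
            raise ValueError("non-minimal length encoding")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

GENERAL_NAME = {0xA0: "otherName", 0x81: "rfc822Name", 0x82: "dNSName",
                0xA3: "x400Address", 0xA4: "directoryName", 0xA5: "ediPartyName",
                0x86: "URI", 0x87: "iPAddress", 0x88: "registeredID"}

def check_san_value(ext_value):
    """Return [(kind, bytes), ...] for a well-formed GeneralNames (RFC 5280, 4.2.1.6)."""
    tag, body, end = read_tlv(ext_value)
    if tag != 0x30 or end != len(ext_value) or not body:
        raise ValueError("not a single non-empty SEQUENCE")
    names, pos = [], 0
    while pos < len(body):
        t, v, pos = read_tlv(body, pos)
        if t not in GENERAL_NAME:
            raise ValueError(f"unknown GeneralName tag 0x{t:02x}")
        names.append((GENERAL_NAME[t], v))
    return names

def san_problem(ext_value):
    try:
        check_san_value(ext_value)
    except ValueError as exc:
        return str(exc)                   # reason a strict decoder rejects the value
    return None

HOST = b"porlsvrdc0003.ird.fr"            # host name from the thread; encoding constructed here
GOOD = bytes([0x30, len(HOST) + 2, 0x82, len(HOST)]) + HOST
BAD = b"xxxxxxxx"                         # the post's redacted placeholder, used as raw bytes
```

`san_problem(GOOD)` returns `None`, while `san_problem(BAD)` returns the reason the bytes fail to parse.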
Re: [Fedora-directory-users] Nothing happens on Win Sync ?
by Emmanuel BILLOT
Many tests give the following result
[root@ldapnew slapd-ldapnew]# /usr/lib/mozldap/ldapsearch -h
porlsvrdc0003.ird.fr -p 636 -D "cn=toutou,cn=Users,dc=ird,dc=fr" -w - -Z
-P /etc/dirsrv/slapd-ldapnew/cert8.db -s base -b "" "objectclass=*"
Enter bind password:
ldap_simple_bind: Can't contact LDAP server
SSL error -8183 (security library: improperly formatted
DER-encoded message.)
However, cert seems to be ok:
- ldaps:636 works on ldap.exe client (Windows)
- ldaps:636 works on ldapsearch -x -H ldaps://porlsvrdc0003.ird.fr -D
"cn=toutou,cn=Users,dc=ird,dc=fr" -W -b "dc=ird,dc=fr" with the
"classic" ldapsearch client
How can I debug it?
BR,
--
==========================================
Emmanuel BILLOT
IRD - Orléans
Délégation aux Systèmes d'Information (DSI)
tél : 02 38 49 95 88
==========================================
15 years
[Fedora-directory-users] Nothing happens on Win Sync ?
by Emmanuel BILLOT
Hi,
I configured Win Sync with a 2003 server; ldaps:636 works on each side.
I've got many entries in FDS, and I launch "Initialize Full
Re-synchronization". A pop-up indicates the process is running.
But nothing happens; the logs are:
[19/Mar/2009:10:09:48 +0100] NSMMReplicationPlugin - agmt="cn=win"
(10:636): State: backoff -> backoff
[19/Mar/2009:10:09:48 +0100] NSMMReplicationPlugin - agmt="cn=win"
(10:636): State: backoff -> backoff
[19/Mar/2009:10:09:48 +0100] NSMMReplicationPlugin - agmt="cn=win"
(10:636): No linger to cancel on the connection
[19/Mar/2009:10:09:48 +0100] NSMMReplicationPlugin - agmt="cn=win"
(10:636): Disconnected from the consumer
[19/Mar/2009:10:09:49 +0100] NSMMReplicationPlugin - agmt="cn=win"
(10:636): windows_inc_stop: protocol stopped after 1 seconds
[19/Mar/2009:10:09:49 +0100] - acquire_replica, supplier RUV:
[19/Mar/2009:10:09:49 +0100] NSMMReplicationPlugin - supplier:
{replicageneration} 4975e2f8000000010000
[19/Mar/2009:10:09:49 +0100] NSMMReplicationPlugin - supplier: {replica
1 ldap://ldapnew.intranet.orleans.ird.fr:389} 4975e382000000010000
49c20a2b000000010000 49c20a2b
[19/Mar/2009:10:09:49 +0100] - acquire_replica, consumer RUV:
[19/Mar/2009:10:09:49 +0100] - acquire_replica, consumer RUV = null
[19/Mar/2009:10:09:49 +0100] - acquire_replica, supplier RUV is newer
[19/Mar/2009:10:09:49 +0100] NSMMReplicationPlugin - agmt="cn=win"
(10:636): Trying secure slapi_ldap_init
[19/Mar/2009:10:09:49 +0100] NSMMReplicationPlugin - agmt="cn=win"
(10:636): binddn = cn=zizou zizou,cn=Users,dc=ird,dc=fr, passwd =
{DES}hEWPI2lOsxbq1sXNqsB92Q==
[19/Mar/2009:10:09:49 +0100] NSMMReplicationPlugin - agmt="cn=win"
(10:636): Disconnected from the consumer
[19/Mar/2009:10:09:49 +0100] NSMMReplicationPlugin - agmt="cn=win"
(10:636): Beginning linger on the connection
[19/Mar/2009:10:09:49 +0100] NSMMReplicationPlugin - agmt="cn=win"
(10:636): No linger on the closed conn
[19/Mar/2009:10:09:49 +0100] NSMMReplicationPlugin - agmt="cn=win"
(10:636): No linger to cancel on the connection
[19/Mar/2009:10:09:49 +0100] NSMMReplicationPlugin - agmt="cn=win"
(10:636): Disconnected from the consumer
[19/Mar/2009:10:09:49 +0100] NSMMReplicationPlugin - agmt="cn=win"
(10:636): State: start -> ready_to_acquire_replica
[19/Mar/2009:10:09:49 +0100] - acquire_replica, supplier RUV:
[19/Mar/2009:10:09:49 +0100] NSMMReplicationPlugin - supplier:
{replicageneration} 4975e2f8000000010000
[19/Mar/2009:10:09:49 +0100] NSMMReplicationPlugin - supplier: {replica
1 ldap://ldapnew.intranet.orleans.ird.fr:389} 4975e382000000010000
49c20a2b000000010000 49c20a2b
[19/Mar/2009:10:09:49 +0100] - acquire_replica, consumer RUV:
[19/Mar/2009:10:09:49 +0100] - acquire_replica, consumer RUV = null
[19/Mar/2009:10:09:49 +0100] - acquire_replica, supplier RUV is newer
[19/Mar/2009:10:09:49 +0100] NSMMReplicationPlugin - agmt="cn=win"
(10:636): Trying secure slapi_ldap_init
[19/Mar/2009:10:09:49 +0100] NSMMReplicationPlugin - agmt="cn=win"
(10:636): binddn = cn=zizou zizou,cn=Users,dc=ird,dc=fr, passwd =
{DES}hEWPI2lOsxbq1sXNqsB92Q==
[19/Mar/2009:10:09:49 +0100] NSMMReplicationPlugin - agmt="cn=win"
(10:636): Disconnected from the consumer
[19/Mar/2009:10:09:49 +0100] NSMMReplicationPlugin - agmt="cn=win"
(10:636): Beginning linger on the connection
[19/Mar/2009:10:09:49 +0100] NSMMReplicationPlugin - agmt="cn=win"
(10:636): No linger on the closed conn
[19/Mar/2009:10:09:49 +0100] NSMMReplicationPlugin -
windows_acquire_replica returned transient_error (105)
[19/Mar/2009:10:09:49 +0100] NSMMReplicationPlugin - agmt="cn=win"
(10:636): State: ready_to_acquire_replica -> start_backoff
[19/Mar/2009:10:09:52 +0100] NSMMReplicationPlugin - agmt="cn=win"
(10:636): State: start_backoff -> backoff
What's wrong ?
BR,
--
==========================================
Emmanuel BILLOT
IRD - Orléans
Délégation aux Systèmes d'Information (DSI)
tél : 02 38 49 95 88
==========================================
15 years
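The replication debug log in the post above records the bind DN and a `passwd = {DES}...` field on every connection attempt, and its records are wrapped across lines. A small filter that rejoins the wrapped records, redacts that field and summarizes the agreement's state transitions, as an added example that is not part of the original post; the sample lines are constructed in the post's format and the function names are hypothetical.

```python
import re

# Constructed sample: wrapped error-log records in the format shown in the post
# (DN and passwd value are made-up placeholders).
SAMPLE = """\
[19/Mar/2009:10:09:49 +0100] NSMMReplicationPlugin - agmt="cn=win"
(10:636): State: start -> ready_to_acquire_replica
[19/Mar/2009:10:09:49 +0100] NSMMReplicationPlugin - agmt="cn=win"
(10:636): binddn = cn=sync user,cn=Users,dc=example,dc=com, passwd =
{DES}AAAAAAAAAAAAAAAAAAAAAA==
[19/Mar/2009:10:09:49 +0100] NSMMReplicationPlugin -
windows_acquire_replica returned transient_error (105)
[19/Mar/2009:10:09:49 +0100] NSMMReplicationPlugin - agmt="cn=win"
(10:636): State: ready_to_acquire_replica -> start_backoff
[19/Mar/2009:10:09:52 +0100] NSMMReplicationPlugin - agmt="cn=win"
(10:636): State: start_backoff -> backoff
"""

STAMP = re.compile(r"^\[\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}\]")
PASSWD = re.compile(r"(passwd\s*=\s*)\S+")
STATE = re.compile(r'agmt="([^"]+)".*State: (\S+) -> (\S+)')

def unwrap(text):
    """Rejoin wrapped continuation lines onto the record that starts with a timestamp."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def redact(records):
    """Replace the value after 'passwd =' so the log can be shared."""
    return [PASSWD.sub(r"\1<redacted>", r) for r in records]

def transitions(records):
    """Return (agreement, old_state, new_state) for each State: record."""
    return [m.groups() for r in records if (m := STATE.search(r))]

def stuck_in_backoff(records):
    """True when an acquire attempt failed and the agreement ends in backoff."""
    t = transitions(records)
    failed = any("transient_error" in r for r in records)
    return failed and bool(t) and t[-1][2] == "backoff"
```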
[Fedora-directory-users] Password History Navigation
by Hugo Etievant
Hi,
I have set a password policy with password history.
When I use ldappasswd to change a password, the tool tells me "Constraint
violation", but that does not indicate the real reason for the failure.
=>>> How can we verify if a password is in the history list ???
My following command is not successful:
ldapsearch -h HOST -p 389 -D "cn=ADMIN" -b "ou=UNIT,dc=HOST,dc=COM" -x
-w - "(passwordHistory=OLDPASSWD)" dn
regards
--
Hugo Étiévant
15 years
[Fedora-directory-users] Plug in
by Emmanuel BILLOT
Hi,
Is there an exhaustive list of plug-ins developed for FDS?
Where can I find a detailed method to create one?
BR,
--
==========================================
Emmanuel BILLOT
IRD - Orléans
Délégation aux Systèmes d'Information (DSI)
tél : 02 38 49 95 88
==========================================
15 years
[Fedora-directory-users] FDS Password policy and passsync
by Hugo Etievant
hello,
Step 1 :
I have created a replication agreement between an FDS (DS 1.1.3 on Fedora
8) server and a Windows 2003 Server (Active Directory).
User's passwords are successfully synchronized.
Step 2 :
I activated password policy in FDS and in AD.
Password policies are identical.
But some passwords are not synchronized between AD and FDS (in this way
only).
Error message in the log:
03/12/09 09:49:01: Ldap error in ModifyPassword
19: Constraint violation
03/12/09 09:49:01: Modify password failed for remote entry:
uid=foobar,ou=people,dc=inrp,dc=fr
03/12/09 09:49:01: Deferring password change for foobar
details of password policy in FDS :
nsslapd-security: on
nsslapd-auditlog-logging-enabled: on
nsslapd-errorlog-level: 8192
nsslapd-pwpolicy-local: on
passwordMinLength: 8
passwordMinCategories: 3
passwordMinTokenLength: 2
passwordCheckSyntax: on
passwordMinAlphas: 0
passwordMinDigits: 0
passwordMaxAge: 63072000 (seconds = 730 days)
passwordExp: on
passwordHistory: on
passwordWarning: 0
passwordInHistory: 10
Details of the password policy in AD (I use "Windows Server 2003 Password
Complexity Requirements"):
* Passwords cannot contain the user's account name or parts of the
user's full name that exceed two consecutive characters.
* Passwords must be at least 6 characters in length.
* Passwords must contain characters from three of the following four
categories:
1. English uppercase characters (A through Z).
2. English lowercase characters (a through z).
3. Base 10 digits (0 through 9).
4. Non-alphabetic characters (for example, !, $, #, %).
password history = 10
max age : 730 days
password min len : 8
Why do some of my users have problems (FDS does not accept the new Windows
password)?
regards
--
Hugo Étiévant
15 years