[Fedora-directory-users] Per-host access
by Michal Nosek
Hello
I am looking for an ACL rule which will allow the client access for
searching only those entries which have the same "host" attribute value
as the IP address of the client.
Or is it possible to get RHDS to return different results depending on
the hostname/IP of the client accessing the server?
I would like to keep the client configuration identical and as simple as
possible.
Thank you for any tips
--
Michal
14 years, 11 months
[Fedora-directory-users] Wildcards in groupdn in ACIs
by John A. Sullivan III
Hello, all. We are still refining how we want to deploy 389 in a
multi-tenant environment. To grant access to the admins for each tenant
to manage their own external contact lists, we created an ACI as
follows:
(targetattr = "*") (target = "ldap:///($dn),o=external,dc=ssiservices,
dc=biz") (version 3.0;acl "Client Administrators External";allow
(all)(groupdn =
"ldap:///cn=*ldapadmins,ou=groups,[$dn],o=internal,dc=ssiservices,dc=biz");)
Each tenant has a client number which is prefixed to the ldapadmins
group cn so that we don't have thousands of groups with the same cn so,
for example, c001ldapadmins, c002ldapadmins. Hence the * in the cn.
However, it does not seem to work. Client admins are told they do not
have rights to add new objects. If we replace the * with the prefix,
e.g.,
"ldap:///cn=c001ldapadmins,ou=groups,[$dn],o=internal,dc=ssiservices,dc=biz"),
it works fine. Is there a way to use wildcards in a groupdn? The
literature explicitly says so for userdn but not groupdn. Thanks - John
PS - I first tried sending this to 389-users but that mail bounced -
John
--
John A. Sullivan III
Open Source Development Corporation
Street Preacher: Are you SAVED?????!!!!!!
Educated Skeptic: Saved from WHAT?????!!!!!!
Educated Believer: From our selfishness that hurts the ones we love
and condemns us to an eternity of hurting each other.
http://www.spiritualoutreach.com
Christianity that makes sense
14 years, 11 months
[Fedora-directory-users] Regarding data deletion in FDS
by debu
Hi All,
We had implemented FDS in one of our servers.
Now, with lots of testing going around for quite a few applications, I ended up with a lot of junk data in my FDS server.
I am all set to delete these 1 lac + data (out of which only some 3K+ is valid for me as of now :-/ )
But before this I wanted to know / get some advice: will this deletion
1/ cause any issue on my server?
2/ Would it auto refresh its index and all?
3/ Any other aspect I should consider before/after this activity?
I have-
fedora-ds-1.1.2-1
RHEL 5 - 32 bit.
Thanks,
Debajit kataki
14 years, 11 months
[Fedora-directory-users] aliasedObjectName problem
by tamarin p
I'm running into some problems when trying to add some alias entries and
importing with ldapmodify or ldif2db. I'm using the directory server version
1.2.0.
Example of LDIF
dn: aliasedobjectname="ou=foo,dc=test,dc=com",ou=bar,ou=test,dc=com
changetype: add
aliasedObjectName: ou=foo,dc=test,dc=com
objectClass: top
objectClass: alias
When I run this I get:
ldapmodify: Object class violation (65)
additional info: single-valued attribute "aliasedObjectName" has
multiple values
Same when I use ldif2db.. What am I doing wrong?
14 years, 11 months
[Fedora-directory-users] DNA MultiMaster
by Edward "koko" Konetzko
Sorry if this was already posted, I seem to be having trouble with email today.
I have read the following pages and cannot exactly figure out how to do
what I want.
http://directory.fedoraproject.org/wiki/DNA_Plugin
http://www.redhat.com/docs/manuals/dir-server/8.1/admin/dna.html
I have 2 companies I want to set ranges for. Company 1 gets range
uidNumber and gidNumber 1 Million - (2 Million - 1) and Company 2 gets
range uidNumber and gidNumber 2 Million - (3 Million - 1). DIT layout is
{ou=people,ou=groups,ou=ranges}, ou= Company{1,2}, dc=example, dc=com.
I set up Company 1 on master1 with the following LDIFs.

dn: ou=Ranges,ou=Company1 dc=example, dc=com
objectclass: top
objectclass: extensibleObject
objectclass: organizationalUnit
ou: Ranges

dn: cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: on

dn: cn=Company1 Account UIDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
objectClass: top
objectClass: extensibleObject
cn: Company1 Account UIDs
dnatype: uidNumber
dnafilter: (objectclass=posixAccount)
dnascope: ou=Company1 , dc=example,dc=com
dnanextvalue: 1000000
dnaMaxValue: 1000500
dnasharedcfgdn: cn=Company1 Account UIDs,ou=Ranges,dc=example,dc=com
dnathreshold: 100
dnaRangeRequestTimeout: 60
dnaMagicRegen: magic
dnaNextRange: 1000501 - 1999999

I then repeat this on master2 but then when I add users to both servers
Master1 hands out uidNumber = 1 and Master2 hands out uidNumber = 1 for
their first adds and keep adding numbers incrementing by one thus
overlapping numbers. For gidNumber I basically use the same LDIFs
except I substitute Group UID for Account UID and gidNumber for uidNumber.
The user add LDIF looks like the following:
dn: uid=test,ou=people,ou=Region1, dc=example,dc=com
objectClass: posixAccount
objectClass: shadowAccount
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: test
gecos: test
gidNumber: magic
givenName: test
homeDirectory: /home/test
loginShell: /bin/bash
mail: test@example.com
o: test
shadowLastChange: 14098
shadowMax: 99999
shadowWarning: 7
sn: test
uid: test
uidNumber: magic
userPassword:: <password>
Question is: what am I doing wrong?
Server is Redhat DS 8.1 on rhel 5 64bit.
Thanks
Edward
14 years, 11 months
[Fedora-directory-users] objectRenamed with JNDI persistent search
by Michael A. Epstein
Hi All,
I am trying to implement persistent search in a Java application. I have set up Fedora Directory to test this and it all seems to work really well except the objectRenamed event. When I remove, add or change an object I get the correct event, but renaming does not seem to work the way I expect it to. When I rename an object I do not get the event. However, if I then name it back to its original name, I get the objectRenamed event.
I need to know if this is the intended behavior and my expectations are wrong, or if I am possibly doing something wrong.
Thank you for your time; any help would be greatly appreciated.
Thanks,
Mike
14 years, 11 months
[Fedora-directory-users] dna multimaster
by Edward "koko" Konetzko
I have read the following pages and cannot exactly figure out how to do
what I want.
http://directory.fedoraproject.org/wiki/DNA_Plugin
http://www.redhat.com/docs/manuals/dir-server/8.1/admin/dna.html
I have 2 companies I want to set ranges for. Company 1 gets range
uidNumber and gidNumber 1 Million - (2 Million - 1) and Company 2 gets
range uidNumber and gidNumber 2 Million - (3 Million - 1). DIT layout is
{ou=people,ou=groups,ou=ranges}, ou= Company{1,2}, dc=example, dc=com.
I set up Company 1 on master1 with the following LDIFs.

dn: ou=Ranges,ou=Company1 dc=example, dc=com
objectclass: top
objectclass: extensibleObject
objectclass: organizationalUnit
ou: Ranges

dn: cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: on

dn: cn=Company1 Account UIDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
objectClass: top
objectClass: extensibleObject
cn: Company1 Account UIDs
dnatype: uidNumber
dnafilter: (objectclass=posixAccount)
dnascope: ou=Company1 , dc=example,dc=com
dnanextvalue: 1000000
dnaMaxValue: 1000500
dnasharedcfgdn: cn=Company1 Account UIDs,ou=Ranges,dc=example,dc=com
dnathreshold: 100
dnaRangeRequestTimeout: 60
dnaMagicRegen: magic
dnaNextRange: 1000501 - 1999999

I then repeat this on master2 but then when I add users to both servers
Master1 hands out uidNumber = 1 and Master2 hands out uidNumber = 1 for
their first adds and keep adding numbers incrementing by one thus
overlapping numbers. For gidNumber I basically use the same LDIFs
except I substitute Group UID for Account UID and gidNumber for uidNumber.
The user add LDIF looks like the following:
dn: uid=test,ou=people,ou=Region1, dc=stabletransit,dc=com
objectClass: posixAccount
objectClass: shadowAccount
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: test
gecos: test
gidNumber: magic
givenName: test
homeDirectory: /home/test
loginShell: /bin/bash
mail: test@example.com
o: test
shadowLastChange: 14098
shadowMax: 99999
shadowWarning: 7
sn: test
uid: test
uidNumber: magic
userPassword:: <password>
Question is: what am I doing wrong?
Server is Redhat DS 8.1 on rhel 5 64bit.
Thanks
Edward
14 years, 11 months
[Fedora-directory-users] fds fails to start in centos 5.3 openvz instance
by Anthony Giggins
Hi Guys,
After installing fds on Centos 5.3 in an OpenVZ virtual instance from
the Enterprise Linux 5 instructions provided
http://directory.fedoraproject.org/wiki/Download
I'm getting the errors below in the logs when starting the service.
[04/May/2009:02:33:21 -0400] - Fedora-Directory/1.2.0 B2009.091.197 starting up
[04/May/2009:02:33:21 -0400] - Failed to create semaphore for stats file (/var/run/dirsrv/slapd-sso.stats). Error 38.(Function not implemented)
I'm pretty sure this is going to be an OpenVZ issue, but I thought I'd
post here first to get an idea of what is actually failing so I can
investigate the OpenVZ side of things. Any information that can help me
troubleshoot this issue would be great.
Thank You
Anthony
14 years, 11 months
[Fedora-directory-users] Proposed new features for 1.3
by Rich Megginson
Here are some features we are considering for the next major version
(tentatively called 1.3). These are not in any particular order, and
this is quite an ambitious list, so we're not likely to complete all of
these in a single release. We would appreciate your help in
prioritizing this list, filling in any missing details, helping with
requirements/design/coding/testing/docs, and letting us know if there
are other features which would be nice to have.
In addition, we are considering using GIT instead of CVS for our SCM.
http://directory.fedoraproject.org/wiki/Roadmap#Version_1.3
14 years, 11 months