Windows Sync Agreement: 00002108: LdapErr: DSID-0C0907FA, comment: Error processing control, data 0, vece
by Simon Josi
I had some working Sync Agreements between 389 and AD. Suddenly they
stopped working, I even tried with a fresh Installation of 389.
If I do a full rsync of a newly created agreement, the following two
lines appear in the error log:
[22/Jun/2009:15:52:39 +0200] NSMMReplicationPlugin - Beginning total
update of replica "agmt="cn=Informatik-Mitarbeiter" (dns2:389)".
[22/Jun/2009:15:52:39 +0200] NSMMReplicationPlugin - Finished total
update of replica "agmt="cn=Informatik-Mitarbeiter" (dns2:389)". Sent 0
entries.
But that seems not to be the whole truth. I've captured the network
traffic of a full resync via tcpdump:
bindRequest(1) "cn=Amanda,cn=users,dc=rz-altdorf,dc=local" simple
bindResponse(1) succes
searchRequest(2) "dc=rz-altdorf,dc=local" wholeSubtree
searchResDone(2) unwillingToPerform (00002108: LdapErr: DSID-0C0907FA,
comment: Error processing control, data 0, vece) [0 results]
The complete dump can be found here: http://pastie.org/521301
Seems to be an issue with the replControlValue Control. I don't find
much Information on the net about this error.
Any Ideas?
Regards,
Simon
14 years, 10 months
using uid rather then cn in the binddn
by Dumbo Q
Is there any reason to use cn vs. uid for a user login. I would like people to be able to use uid=... as their binddn, and Leave cn as the users full name. I'm just not sure how this works, or why for that matter.
1. The ldap browser tool that i am using displays a tree view of my ldap entries. In the tree, it displays the cn for each user (which in my opinion should be the full name).
2. When a linux user logs in, ldap binds as the user logging in with 'cn=userid,ou=...'. Im not sure how it knows to use cn rather then uid, and i don't see anywhere to specify that. So, my usernames are all stored in as cn.
3. Thunderbird's addressbook displays the cn as the persons full name. In my case, that means that you see everyones username instead of there real name. It does not respect the displayname attribute like outlook does. There is a workaround in 'user.js' but that would be a real pain to set that up on everyones computer.
I believe my solution would be to have each users dn use uid rather then cn. Is this the correct approach? Is this possible?
14 years, 10 months
Registering to a central admin server
by Chris Phillips
Hi,
Can someone describe how to register an existing dirsrv instance to an
existing admin server? The ds-setup-admin.pl scripts clearly performs the
registration exercise along with the build, but I can't see how to do this
as a single, 100% safe non-destructive way of registering existing machines
to a central admin server, to avoid having to annoyingly connect to admin
instances on evey existing machine as we currently have to.
Thanks
Chris
14 years, 10 months
Add to registering
by Emmanuel BILLOT
Hi,
Is there any main interest in registering server in a configuration
server, other than having only one console ?
BR,
--
==========================================
Emmanuel BILLOT
IRD - Orléans
Délégation aux Systèmes d'Information (DSI)
tél : 02 38 49 95 88
==========================================
14 years, 10 months
Registering
by Emmanuel BILLOT
Hi,
We want to use a FDS based directory, 2 multimasters, 5 replicas.
Is it useful to register all those servers in a configuration server ?
What is the main interest in registring servers ?
BR,
--
==========================================
Emmanuel BILLOT
IRD - Orléans
Délégation aux Systèmes d'Information (DSI)
tél : 02 38 49 95 88
==========================================
14 years, 10 months
Help Needed -----Linux Ldap Client machine unable to login Fedors DS
by Hakuna Matata
Hi,
I am new to FDS, i have set this up as per the documentation . It is
working fine .
Now want that linux client (CentOS 5.3) to authenticate with FDS.
hostname of FDS = ldap.fds.local
i create a user test01 and fill the posix information
on client machine i am using system-config-authentiation
1. check the LDAP box and filled the details as .
LDAP search base dn = dc=vfds, dc=local
LDAP Server = ldap://ldap.vfds.local
then i rebooted the machine and trying to login via user test01. now
it is showing error as username or password incorrect.
i would really appreciate if someone can give me some pointer or help
where i am doing wrong.
Many Thanks in advance
Best regards
--H
14 years, 10 months
Dynamic groups and maillist
by Robert Ludvik
Hi
Is there a way to use dynamic groups in FDS for group mails? I use
LDAPAdmin for managing FDS users and groups and can't figure it out (if
it is even possible).
Regards
14 years, 10 months
Unregistering a server from a configuration server
by Vince Tingey
Hi Everyone!
I'm new to this server so please take it easy on me :-)
I found plenty of documentation to register a secondary server with a
primary configuration server. I could not find any documentation on how
to unregister the server if its no longer around or some other reason.
I'd like it to not show up in the console anymore. How do I do this?
Thank you,
--
Vince | Michael Smith Laboratories
IT Systems Coordinator | University of British Columbia
14 years, 10 months
lookthroughlimit and "result: 11 Administrative limit exceeded"
by Hartmann, Tim
Hi!
So I've got a RHDS installation that I'm serving automount points off
of, and I ran into this error unexpectedly
# search result
search: 2
result: 11 Administrative limit exceeded
# numResponses: 1
I was able to search around and found this in the Doc's which seems to
be the answer:
http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Indexes.htm...
However when I set "lookthroughlimit" to unlimited (-1) I then start
getting result, but they are horrible!! Seconds between results!
Whereas my old OpenLDAP servers respond immediately to the request! The
search filter that the server seems to be sending is this:
"(&(objectClass=posixAccount)(uidNumber=XXX))"
I'm not super thrilled about allowing unlimited lookthroughlimit on the
whole directory, but I'm not sure how else to get quick results from a
search like that... er... help?!
Thanks
Tim
14 years, 10 months