389-users June 2009

389-users@lists.fedoraproject.org

50 participants
63 discussions

Windows Sync Agreement: 00002108: LdapErr: DSID-0C0907FA, comment: Error processing control, data 0, vece
by Simon Josi 23 Jun '09

23 Jun '09

I had some working Sync Agreements between 389 and AD. Suddenly they stopped working, I even tried with a fresh Installation of 389. If I do a full rsync of a newly created agreement, the following two lines appear in the error log: [22/Jun/2009:15:52:39 +0200] NSMMReplicationPlugin - Beginning total update of replica "agmt="cn=Informatik-Mitarbeiter" (dns2:389)". [22/Jun/2009:15:52:39 +0200] NSMMReplicationPlugin - Finished total update of replica "agmt="cn=Informatik-Mitarbeiter" (dns2:389)". Sent 0 entries. But that seems not to be the whole truth. I've captured the network traffic of a full resync via tcpdump: bindRequest(1) "cn=Amanda,cn=users,dc=rz-altdorf,dc=local" simple bindResponse(1) succes searchRequest(2) "dc=rz-altdorf,dc=local" wholeSubtree searchResDone(2) unwillingToPerform (00002108: LdapErr: DSID-0C0907FA, comment: Error processing control, data 0, vece) [0 results] The complete dump can be found here: http://pastie.org/521301 Seems to be an issue with the replControlValue Control. I don't find much Information on the net about this error. Any Ideas? Regards, Simon

2 1

using uid rather then cn in the binddn
by Dumbo Q 22 Jun '09

22 Jun '09

Is there any reason to use cn vs. uid for a user login. I would like people to be able to use uid=... as their binddn, and Leave cn as the users full name. I'm just not sure how this works, or why for that matter. 1. The ldap browser tool that i am using displays a tree view of my ldap entries. In the tree, it displays the cn for each user (which in my opinion should be the full name). 2. When a linux user logs in, ldap binds as the user logging in with 'cn=userid,ou=...'. Im not sure how it knows to use cn rather then uid, and i don't see anywhere to specify that. So, my usernames are all stored in as cn. 3. Thunderbird's addressbook displays the cn as the persons full name. In my case, that means that you see everyones username instead of there real name. It does not respect the displayname attribute like outlook does. There is a workaround in 'user.js' but that would be a real pain to set that up on everyones computer. I believe my solution would be to have each users dn use uid rather then cn. Is this the correct approach? Is this possible?

2 5

Registering to a central admin server
by Chris Phillips 22 Jun '09

22 Jun '09

Hi, Can someone describe how to register an existing dirsrv instance to an existing admin server? The ds-setup-admin.pl scripts clearly performs the registration exercise along with the build, but I can't see how to do this as a single, 100% safe non-destructive way of registering existing machines to a central admin server, to avoid having to annoyingly connect to admin instances on evey existing machine as we currently have to. Thanks Chris

2 9

Add to registering
by Emmanuel BILLOT 22 Jun '09

22 Jun '09

Hi, Is there any main interest in registering server in a configuration server, other than having only one console ? BR, -- ========================================== Emmanuel BILLOT IRD - Orléans Délégation aux Systèmes d'Information (DSI) tél : 02 38 49 95 88 ==========================================

2 1

Registering
by Emmanuel BILLOT 22 Jun '09

22 Jun '09

Hi, We want to use a FDS based directory, 2 multimasters, 5 replicas. Is it useful to register all those servers in a configuration server ? What is the main interest in registring servers ? BR, -- ========================================== Emmanuel BILLOT IRD - Orléans Délégation aux Systèmes d'Information (DSI) tél : 02 38 49 95 88 ==========================================

1 0

Help Needed -----Linux Ldap Client machine unable to login Fedors DS
by Hakuna Matata 22 Jun '09

22 Jun '09

Hi, I am new to FDS, i have set this up as per the documentation . It is working fine . Now want that linux client (CentOS 5.3) to authenticate with FDS. hostname of FDS = ldap.fds.local i create a user test01 and fill the posix information on client machine i am using system-config-authentiation 1. check the LDAP box and filled the details as . LDAP search base dn = dc=vfds, dc=local LDAP Server = ldap://ldap.vfds.local then i rebooted the machine and trying to login via user test01. now it is showing error as username or password incorrect. i would really appreciate if someone can give me some pointer or help where i am doing wrong. Many Thanks in advance Best regards --H

5 18

Dynamic groups and maillist
by Robert Ludvik 21 Jun '09

21 Jun '09

Hi Is there a way to use dynamic groups in FDS for group mails? I use LDAPAdmin for managing FDS users and groups and can't figure it out (if it is even possible). Regards

1 0

Unregistering a server from a configuration server
by Vince Tingey 19 Jun '09

19 Jun '09

Hi Everyone! I'm new to this server so please take it easy on me :-) I found plenty of documentation to register a secondary server with a primary configuration server. I could not find any documentation on how to unregister the server if its no longer around or some other reason. I'd like it to not show up in the console anymore. How do I do this? Thank you, -- Vince | Michael Smith Laboratories IT Systems Coordinator | University of British Columbia

2 1

Re: [389-users] lookthroughlimit and "result: 11 Administrative limit exceeded"
by Diretorio Livre 19 Jun '09

19 Jun '09

2 1

lookthroughlimit and "result: 11 Administrative limit exceeded"
by Hartmann, Tim 19 Jun '09

19 Jun '09

Hi! So I've got a RHDS installation that I'm serving automount points off of, and I ran into this error unexpectedly # search result search: 2 result: 11 Administrative limit exceeded # numResponses: 1 I was able to search around and found this in the Doc's which seems to be the answer: http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Indexes.html#… However when I set "lookthroughlimit" to unlimited (-1) I then start getting result, but they are horrible!! Seconds between results! Whereas my old OpenLDAP servers respond immediately to the request! The search filter that the server seems to be sending is this: "(&(objectClass=posixAccount)(uidNumber=XXX))" I'm not super thrilled about allowing unlimited lookthroughlimit on the whole directory, but I'm not sure how else to get quick results from a search like that... er... help?! Thanks Tim

2 1

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

389-users June 2009