Problems with replication over SSL
by Dan Weintraub
Hi all,
I'm trying to set up replication over SSL and am running into problems. I
first tried it unencrypted and all worked fine. I then copied over the
consumer's CA certificate and set up replication with SSL and Simple
Authentication. It doesn't work and I now get the following errors:
When I set it up:
supplier error log:
[01/Jun/2009:01:00:00 -0000] NSMMReplicationPlugin - agmt="cn=One"
(fds:389): Simple bind failed, LDAP sdk error 81 (Can't contact LDAP
server), Netscape Portable Runtime error -5938 (Encountered end of file.)
these appear thereafter:
consumer access log:
[01/Jun/2009:01:01:01 -0000] conn=898 fd=64 slot=64 connection from
10.1.1.100 to 10.1.1.101
[01/Jun/2009:01:01:01 -0000] conn=898 op=-1 fd=64 closed error 71
(Protocol error) - B1
consumer error log:
[01/Jun/2009:01:01:01 -0000] - conn=898 received a non-LDAP message (tag
0x80, expected 0x30)
Versions:
Supplier:
fedora-ds-1.1.2-1.fc6
fedora-ds-dsgw-1.1.1-1.fc6
fedora-ds-base-1.1.3-2.fc6
fedora-ds-admin-1.1.6-1.fc6
fedora-ds-admin-console-1.1.2-1.fc6
fedora-ds-console-1.1.2-1.fc6
Consumer:
fedora-ds-admin-1.1.7-3.fc6
fedora-ds-admin-console-1.1.3-1.fc6
fedora-ds-base-1.2.0-2.fc6
fedora-ds-dsgw-1.1.2-1.fc6
fedora-ds-console-1.2.0-1.fc6
fedora-ds-1.1.3-1.fc6
I'm at a loss as to how to proceed with troubleshooting and would
appreciate any suggestions.
Thanks,
Dan Weintraub
14 years, 10 months
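Added example, not part of the original post: the consumer's "tag 0x80, expected 0x30" line reports the first byte it read on the connection, and that byte identifies what the peer was speaking. This Python sketch classifies it from error-log lines (0x30 is the BER SEQUENCE that opens every LDAP message, 0x14-0x17 are TLS record types, and a set high bit matches an SSLv2-format hello); the second and third sample lines and all function names are constructed for illustration.

```python
import re

# First byte of a TLS record is its content type.
TLS_CONTENT_TYPES = {0x14: "change_cipher_spec", 0x15: "alert",
                     0x16: "handshake", 0x17: "application_data"}

def classify_first_byte(tag):
    """Name the protocol implied by the first byte a server read from a client."""
    if tag == 0x30:                  # BER SEQUENCE: a well-formed LDAPMessage
        return "ldap"
    if tag in TLS_CONTENT_TYPES:     # SSLv3/TLS record header
        return "tls-" + TLS_CONTENT_TYPES[tag]
    if tag & 0x80:                   # SSLv2 2-byte record header sets the top bit
        return "sslv2-format-hello"
    if 0x20 <= tag < 0x7F:           # printable ASCII, e.g. an HTTP request line
        return "ascii-text"
    return "unknown"

# Pattern for the consumer error-log message quoted in the post.
NON_LDAP = re.compile(
    r"\[(?P<ts>[^\]]+)\] - conn=(?P<conn>\d+) received a non-LDAP message "
    r"\(tag (?P<tag>0x[0-9a-fA-F]+), expected (?P<expected>0x[0-9a-fA-F]+)\)")

def triage(error_log_text):
    """Return one finding per 'non-LDAP message' entry in the error log."""
    # Collapse whitespace first so entries wrapped across lines still match.
    flat = " ".join(error_log_text.split())
    findings = []
    for m in NON_LDAP.finditer(flat):
        kind = classify_first_byte(int(m["tag"], 16))
        findings.append({
            "conn": int(m["conn"]),
            "tag": m["tag"],
            "kind": kind,
            # True when an SSL/TLS handshake arrived where clear LDAP was expected,
            # i.e. the client's transport setting and the target port disagree.
            "tls_on_clear_port": kind.startswith(("tls-", "sslv2-")),
        })
    return findings

# First entry is the line from the post; the other two are constructed samples.
SAMPLE_LOG = """\
[01/Jun/2009:01:01:01 -0000] - conn=898 received a non-LDAP message (tag
0x80, expected 0x30)
[01/Jun/2009:01:02:01 -0000] - conn=899 received a non-LDAP message (tag 0x16, expected 0x30)
[01/Jun/2009:01:03:01 -0000] - conn=900 received a non-LDAP message (tag 0x47, expected 0x30)
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A finding with `tls_on_clear_port` set means the connecting side began an SSL/TLS handshake on a listener that expected plain LDAP, so the port and transport configured for the connection are the first things to compare.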
Re: [389-users] loss of group members in AD after initialization of sync
by Rich Megginson
----- "jean-Noël Chardron" <Jean-Noel.Chardron(a)dr15.cnrs.fr> wrote:
> hello,
>
> When I initiate a first full synchronization of DS and AD I lost
> members
> in groups
>
> error log shows :
>
> [10/Jun/2009:15:00:07 +0200] NSMMReplicationPlugin -
> agmt="cn=zebigbos"
> (zebigbos:636): map_entry_dn_inbound: looking for local entry matching
>
> AD entry [CN=SFC,OU=groupes,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr]
> [10/Jun/2009:15:00:07 +0200] NSMMReplicationPlugin -
> agmt="cn=zebigbos"
> (zebigbos:636): map_entry_dn_inbound: looking for local entry by guid
>
> [c0e73a492ffbc04c9e85781a68f45023]
> [10/Jun/2009:15:00:07 +0200] NSMMReplicationPlugin -
> agmt="cn=zebigbos"
> (zebigbos:636): map_entry_dn_inbound: problem looking for guid: -1
> [10/Jun/2009:15:00:07 +0200] NSMMReplicationPlugin -
> agmt="cn=zebigbos"
> (zebigbos:636): map_entry_dn_inbound: looking for local entry by uid
> [SFC]
> [...]
> [10/Jun/2009:15:00:11 +0200] - Windows sync entry: Adding new local
> entry dn: cn=SFC,OU=groupes,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr
> objectClass: top
> objectClass: groupofuniquenames
> objectClass: ntGroup
> ntGroupDeleteGroup: true
> cn: SFC
> description: Service Financier et Comptable
> uniqueMember: uid=essaibug,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15,
> dc=cnrs, dc=
> fr
> uniqueMember:[...]
> follow 10 members
>
> [...]
> [10/Jun/2009:15:00:24 +0200] NSMMReplicationPlugin - received entry
> from
> dirsync: CN=MX,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr
> [10/Jun/2009:15:00:24 +0200] NSMMReplicationPlugin -
> agmt="cn=zebigbos"
> (zebigbos:636): map_entry_dn_inbound: looking for local entry matching
>
> AD entry [CN=MX,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr]
> [10/Jun/2009:15:00:24 +0200] NSMMReplicationPlugin -
> agmt="cn=zebigbos"
> (zebigbos:636): map_entry_dn_inbound: looking for local entry by guid
>
> [0cdf6e627d64684cb10c70b3b8753fda]
> [10/Jun/2009:15:00:24 +0200] NSMMReplicationPlugin -
> agmt="cn=zebigbos"
> (zebigbos:636): map_entry_dn_inbound: problem looking for guid: -1
> [10/Jun/2009:15:00:24 +0200] NSMMReplicationPlugin -
> agmt="cn=zebigbos"
> (zebigbos:636): map_entry_dn_inbound: looking for local entry by uid
> [MX]
> [10/Jun/2009:15:00:24 +0200] NSMMReplicationPlugin -
> agmt="cn=zebigbos"
> (zebigbos:636): map_entry_dn_inbound: problem looking for username:
> -1
> [10/Jun/2009:15:00:24 +0200] - Windows sync entry: Adding new local
> entry dn: uid=MX,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs,
> dc=fr
> objectClass: top
> objectClass: person
> objectClass: organizationalperson
> objectClass: inetOrgPerson
> objectClass: ntUser
> ntUserDeleteAccount: true
> uid: MX
> sn: MX
> givenName: Guillaume
> cn: MX
> ntUserCodePage: 0
> ntUserAcctExpires: 0
> ntUserDomainId: MX
> mail: Guillaume.MX(a)dr15.cnrs.fr
> ntUniqueId: 0cdf6e627d64684cb10c70b3b8753fda
>
>
> [10/Jun/2009:15:01:34 +0200] NSMMReplicationPlugin -
> agmt="cn=zebigbos"
> (zebigbos:636): windows_process_total_entry: Looking
> dn="cn=SFC,OU=groupes,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr" (ours)
> [10/Jun/2009:15:01:34 +0200] NSMMReplicationPlugin -
> agmt="cn=zebigbos"
> (zebigbos:636): map_entry_dn_outbound: looking for AD entry for DS
> dn="cn=SFC,OU=groupes,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr"
> guid="c0e73a492ffbc04c9e85781a68f45023"
> [10/Jun/2009:15:01:34 +0200] NSMMReplicationPlugin -
> agmt="cn=zebigbos"
> (zebigbos:636): map_entry_dn_outbound: looking for AD entry for DS
> dn="cn=SFC,OU=groupes,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr"
> username="SFC"
> [10/Jun/2009:15:01:34 +0200] - Calling windows entry search request
> plugin
> [10/Jun/2009:15:01:34 +0200] - windows_search_entry: recieved 2
> messages, 1 entries, 0 references
> [10/Jun/2009:15:01:34 +0200] NSMMReplicationPlugin -
> agmt="cn=zebigbos"
> (zebigbos:636): map_entry_dn_outbound: found AD entry
> dn="CN=SFC,OU=groupes,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr"
> [10/Jun/2009:15:01:34 +0200] - Calling windows entry search request
> plugin
> [10/Jun/2009:15:01:34 +0200] - windows_search_entry: recieved 2
> messages, 1 entries, 0 references
> [10/Jun/2009:15:01:34 +0200] NSMMReplicationPlugin -
> windows_generate_update_mods:
> CN=SFC,OU=groupes,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr, description :
> values are equal
> [10/Jun/2009:15:01:35 +0200] - map_dn_values: no local entry found for
>
> uid=essaibug,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr
> [10/Jun/2009:15:01:35 +0200] - map_dn_values: no local entry found for
> uid=
>
> [follow 10 entries,]
>
> [10/Jun/2009:15:01:35 +0200] - Calling windows entry search request
> plugin
> [10/Jun/2009:15:01:35 +0200] - windows_search_entry: recieved 2
> messages, 1 entries, 0 references
> [10/Jun/2009:15:01:35 +0200] NSMMReplicationPlugin -
> agmt="cn=zebigbos"
> (zebigbos:636): map_entry_dn_inbound: looking for local entry matching
>
> AD entry
> [CN=essaibug,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr]
> [10/Jun/2009:15:01:35 +0200] NSMMReplicationPlugin -
> agmt="cn=zebigbos"
> (zebigbos:636): map_entry_dn_inbound: looking for local entry by guid
>
> [72a7171ffaa0d84a9ca4ec2d90a4ab2b]
> [10/Jun/2009:15:01:35 +0200] NSMMReplicationPlugin -
> agmt="cn=zebigbos"
> (zebigbos:636): map_entry_dn_inbound: problem looking for guid: -1
> [10/Jun/2009:15:01:35 +0200] NSMMReplicationPlugin -
> agmt="cn=zebigbos"
> (zebigbos:636): map_entry_dn_inbound: looking for local entry by uid
> [essaibug]
> [10/Jun/2009:15:01:35 +0200] NSMMReplicationPlugin -
> agmt="cn=zebigbos"
> (zebigbos:636): map_entry_dn_inbound: problem looking for username:
> -1
> [10/Jun/2009:15:01:35 +0200] - Calling windows entry search request
> plugin
> [10/Jun/2009:15:01:35 +0200] - windows_search_entry: recieved 2
> messages, 1 entries, 0 references
>
> [10/Jun/2009:15:01:38 +0200] NSMMReplicationPlugin -
> windows_generate_update_mods:
> CN=SFC,OU=groupes,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr, sAMAccountName
> :
> values are equal
> [10/Jun/2009:15:01:38 +0200] - smod - windows sync
> [10/Jun/2009:15:01:38 +0200] - smod 0 - delete: member
> [10/Jun/2009:15:01:38 +0200] - smod 0 - value: member:
> CN=essaibug,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr
> [10/Jun/2009:15:01:38 +0200] - smod 1 - delete: member
> [10/Jun/2009:15:01:38 +0200] - smod 1 - value: member:
>
> [follow the 10 entries]
>
> [10/Jun/2009:15:01:39 +0200] NSMMReplicationPlugin -
> windows_update_remote_entry: modifying entry
> CN=SFC,OU=groupes,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr
> [10/Jun/2009:15:01:39 +0200] NSMMReplicationPlugin -
> agmt="cn=zebigbos"
> (zebigbos:636): Received result code 0 () for modify operation
>
> [10/Jun/2009:15:01:55 +0200] - map_dn_values: no local entry found for
>
> uid=essaibug,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr
>
> [10/Jun/2009:15:05:51 +0200] NSMMReplicationPlugin - received entry
> from
> dirsync:
> CN=essaibug,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr
> [10/Jun/2009:15:05:51 +0200] NSMMReplicationPlugin -
> agmt="cn=zebigbos"
> (zebigbos:636): map_entry_dn_inbound: looking for local entry matching
>
> AD entry
> [CN=essaibug,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr]
> [10/Jun/2009:15:05:51 +0200] NSMMReplicationPlugin -
> agmt="cn=zebigbos"
> (zebigbos:636): map_entry_dn_inbound: looking for local entry by guid
>
> [72a7171ffaa0d84a9ca4ec2d90a4ab2b]
> [10/Jun/2009:15:05:51 +0200] NSMMReplicationPlugin -
> agmt="cn=zebigbos"
> (zebigbos:636): map_entry_dn_inbound: problem looking for guid: -1
> [10/Jun/2009:15:05:51 +0200] NSMMReplicationPlugin -
> agmt="cn=zebigbos"
> (zebigbos:636): map_entry_dn_inbound: looking for local entry by uid
> [essaibug]
> [10/Jun/2009:15:05:51 +0200] NSMMReplicationPlugin -
> agmt="cn=zebigbos"
> (zebigbos:636): map_entry_dn_inbound: problem looking for username:
> -1
> [10/Jun/2009:15:05:52 +0200] - Windows sync entry: Adding new local
> entry dn: uid=essaibug,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs,
> dc=fr
> objectClass: top
> objectClass: person
> objectClass: organizationalperson
> objectClass: inetOrgPerson
> objectClass: ntUser
> ntUserDeleteAccount: true
> uid: essaibug
> sn: essaibug
> cn: essaibug
> ntUserCodePage: 0
> ntUserAcctExpires: 9223372036854775807
> ntUserDomainId: essaibug
> ntUniqueId: 72a7171ffaa0d84a9ca4ec2d90a4ab2b
>
> [10/Jun/2009:15:07:13 +0200] NSMMReplicationPlugin -
> agmt="cn=zebigbos"
> (zebigbos:636): map_entry_dn_outbound: looking for AD entry for DS
> dn="uid=essaibug,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs,
> dc=fr"
> guid="72a7171ffaa0d84a9ca4ec2d90a4ab2b"
> [10/Jun/2009:15:07:13 +0200] NSMMReplicationPlugin -
> agmt="cn=zebigbos"
> (zebigbos:636): map_entry_dn_outbound: looking for AD entry for DS
> dn="uid=essaibug,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs,
> dc=fr"
> username="essaibug"
> [10/Jun/2009:15:07:13 +0200] - Calling windows entry search request
> plugin
> [10/Jun/2009:15:07:13 +0200] - windows_search_entry: recieved 2
> messages, 1 entries, 0 references
> [10/Jun/2009:15:07:13 +0200] NSMMReplicationPlugin -
> agmt="cn=zebigbos"
> (zebigbos:636): map_entry_dn_outbound: found AD entry
> dn="CN=essaibug,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr"
>
> (following the translation of google)
> I suppose that during the initialization of the replication, groups
> have
> lost members (group sfc) with the logs in order explicit removal of
> the
> member in the group, sent by the DS to AD. The most likely explanation
>
> and that the process is sequential but with a dispatch from AD to
> DS-anarchic, with a group can be created before members in DS users.
> these are leading to a later stage in a request for suppression AD DS
>
> to members of the group that did not exist before the creation of the
>
> group. This is "normal" since DS checks the consistency of information
>
> and therefore the group members. The solution to this problem is to
> create manually in the AD to add the lost members in the group or may
> be
> to initialize sync twice in a closed time.
>
> The administrator of the Windows server and the AD insulted me as a
> result of this blunder
> I asked him if he had a backup of the AD. he had not
>
So let me see if I understand what is happening:
DS attempts to sync some groups from AD - since the user does not exist, it deletes the member from the group. Then it syncs the group back to AD, and deletes those users from AD.
Is that correct?
I suppose a workaround would be to make sure all of the users are first added to DS, then sync the groups.
> --
>
> Jean-Noel Chardron
>
>
> --
> 389 users mailing list
> 389-users(a)redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
14 years, 10 months
Re: [389-users] Unable to connect to Admin or DS from management console
by Rich Megginson
----- "Andrew Kerr" <andrew.kerr(a)amdocs.com> wrote:
> I recently added a new fedora ds replica (1.2.0) to my master
> (1.0.4). I was able to add the new machine, and replicate to it. I
> set
> up the replication via the console, and everything was working fine.
> Today when I launch the console on the master and connect to the
> replica
> running 1.2.0 I get an error: "Failed to install a local copy of
> fedora-admin-1.1.jar or one of its components" "Can not connect to
> http://0.0.0.0:9830".
>
> 9830 is the correct port of the remote machine, but 0.0.0.0
> isn't the correct ip. The local admin console is running on a
> different
> port. I can do a wget on the remote machine http://<remote
> machine>:9830 and I am able to connect and get the "download" page
> that
> has the quick console. So it isn't a network issue.
>
> The only change I've made is to add another replica, running
> 1.0.4. I can connect to that one just fine, and all of the others.
> I
> just can't get to the one I added a few days ago that is running the
> newer version.
>
> I'd suspect java, or something along those lines, except that it
> worked yesterday and nothing (verified by the yum logs) has been
> installed or changed on the server.
>
> My guess is that maybe the 1.0.4 ones work ok because they're
> running the same version, and no additional jar files are needed. I
> looked in the .fedora-console/jars and I don't see the new one. I
> tried
> removing that directory and letting it create a new one, also with no
> luck.
>
> I tried adding another 1.2.0 installation, and same problem.
>
> Any ideas would be greatly appreciated!
I think in general you will not be able to manage 1.2 instances with the 1.0 console.
The specific problem is https://bugzilla.redhat.com/show_bug.cgi?id=430364 which was fixed in idm-console-framework 1.1.3
I suppose you could use ldapmodify to change the nsServerAddress to the real IP address
ldapsearch -x -D "cn=directory manager" -w yourpassword -s sub -b o=netscaperoot "nsServerAddress=0.0.0.0"
Then find which entry that is, and do something like
ldapmodify -x -D "cn=directory manager" -w yourpassword
dn: dn of the entry
changetype: modify
replace: nsServerAddress
nsServerAddress: your real IP address
14 years, 10 months
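One way to script the two steps in the reply above, as an added example that is not Rich Megginson's or the project's code: it reads `ldapsearch` LDIF output, picks the entries whose nsServerAddress is 0.0.0.0, and writes the modify LDIF to feed to `ldapmodify`. The sample DNs, the replacement address 192.0.2.20 and the function names are constructed.

```python
import base64
import ipaddress

def unfold(ldif_text):
    """Join LDIF continuation lines (a leading single space continues the previous line)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_entries(ldif_text):
    """Return [(dn, {lowercased_attr: [values]})] from ldapsearch LDIF output."""
    entries, attrs = [], None
    for line in unfold(ldif_text):
        if not line.strip():
            attrs = None                  # blank line ends the current entry
            continue
        if line.startswith("#"):
            continue
        name, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):          # "attr:: <base64>" form
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        if name.lower() == "dn":
            attrs = {}
            entries.append((value, attrs))
        elif attrs is not None:
            attrs.setdefault(name.lower(), []).append(value)
    return entries

def ldif_line(name, value):
    """Emit one LDIF line, base64-encoding values that are not LDIF-safe."""
    safe = (value.isascii() and value.isprintable()
            and value[:1] not in (" ", ":", "<") and not value.endswith(" "))
    if safe:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def build_modify_ldif(entries, real_ip, bad="0.0.0.0"):
    """Build ldapmodify input replacing nsServerAddress on entries that hold `bad`."""
    addr = ipaddress.ip_address(real_ip)  # raises ValueError on malformed input
    if addr.is_unspecified:
        raise ValueError("replacement address must not be the unspecified address")
    records = []
    for dn, attrs in entries:
        if bad in attrs.get("nsserveraddress", []):
            records.append("\n".join([ldif_line("dn", dn), "changetype: modify",
                                      "replace: nsServerAddress",
                                      ldif_line("nsServerAddress", str(addr))]))
    return "\n\n".join(records) + ("\n" if records else "")

# Constructed ldapsearch output (DNs are illustrative, with folded lines).
SAMPLE_SEARCH_OUTPUT = """\
# extended LDIF
dn: cn=configuration,cn=admin-serv-replica1,cn=Example Administration Server,
 cn=Server Group,cn=replica1.example.com,ou=example.com,o=NetscapeRoot
nsServerAddress: 0.0.0.0
nsServerPort: 9830

dn: cn=configuration,cn=admin-serv-master,cn=Example Administration Server,cn
 =Server Group,cn=master.example.com,ou=example.com,o=NetscapeRoot
nsServerAddress: 192.0.2.10

# numEntries: 2
"""

if __name__ == "__main__":
    print(build_modify_ldif(parse_entries(SAMPLE_SEARCH_OUTPUT), "192.0.2.20"), end="")
```

Review the generated LDIF before piping it to `ldapmodify`; OpenLDAP's client tools accept `-W` to prompt for the bind password rather than putting it on the command line with `-w`.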
OS to authenticate to DS using TLS
by Doug Coats
So for my next hurdle I am tackling SSL certificates. I produced self-signed
certificates and have installed them through the Management Console. I
can run the Management Console using a secure connection.
Linux uses DS to authenticate (configured using System > Administration >
Authentication and enabling LDAP support). If I try to "Use TLS to encrypt
connection" I can't program a URL that will let me download the CA
Certificate successfully. I hope that all made sense.
Am I missing something? Do I need this?
Thanks for any advice!
14 years, 10 months
General LDAP security
by Dumbo Q
I set up an RHDS server for authentication along with a test client, and everything seems to be working well. Before I deploy this solution into production I would like to know what I can do in regards to security.
I got rid of my ldap.secret file, as I don't think I need it. I do not mind if root cannot change other people's passwords from anywhere.
The next problem that I'm running into is that I currently have my binddn set to cn=Directory Manager, and thus my most important password is still written in clear text in ldap.conf. Can someone explain (or point to an article which shows) how to create another user to use for my binddn? Is it as simple as making a regular user, or do I need to adjust any particular permissions? I would prefer this user to be read-only.
Any particular tools to scan and see what can be accessed anonymously and what can be accessed with a particular binddn?
Any other recommendations?
14 years, 10 months
SSL Library Error: -12271 SSL client cannot verify your certificate
by dima vasiletc
Hello
All encrypted connections finish with an error (Error code:
sec_error_reused_issuer_and_serial),
and the server writes to the log: SSL Library Error: -12271 SSL client cannot
verify your certificate
First, I think I need to check the DNS queries.
I see many A queries for example.com.
Maybe I must regenerate the certificate? Where can I read about that?
Thanks.
--
Best regards, Dmitry
14 years, 10 months
Sharing scripts for AD<->RHDS integration
by Kenneth Holter
Hi all.
I'm working on a few small scripts aimed at AD<->FDS/RHDS integration. The
scripts basically add posix attributes to users synced over from AD, and use
AD group memberships to create NIS netgroup membership (which can be used
for controlling which users get to access which servers). I hope to have
the initial version of the scripts ready in a few weeks, and would like to
share them with others that may be interested in them.
Since this is my first time sharing code I've written, I could use some advice
on how and where to share it. Could someone point me to info on this?
Thanks.
Regards,
Kenneth Holter
14 years, 10 months
Error debianizing the 389-ds-base-1.2.1 package
by Morenisco
Hi,
I tried to debianize the 389-ds-base-1.2.1 package in a clean directory
and sources, and I got an error.
The basic steps that I performed were the following:
1) 389-ds-base-1.2.1 package - Initial debianization:
root@dirserv1:~/project-389/389-ds-base-1.2.1# dh_make -e
morenisco(a)noc-root.net -c gpl -f ../389-ds-base-1.2.1.tar.gz
Type of package: single binary, multiple binary, library, kernel module
or cdbs?
[s/m/l/k/b] s
Maintainer name : root
Email-Address : morenisco(a)noc-root.net
Date : Thu, 04 Jun 2009 22:56:55 +0000
Package Name : 389-ds-base
Version : 1.2.1
License : gpl
Using dpatch : no
Type of Package : Single
Hit <enter> to confirm:
Done. Please edit the files in the debian/ subdirectory now. 389-ds-base
uses a configure script, so you probably don't have to edit the Makefiles.
2) I modified the control file as follows:
Source: 389-ds-base
Section: admin
Priority: extra
Maintainer: Morenisco <morenisco(a)noc-root.net>
Build-Depends: debhelper (>= 7), autotools-dev
Standards-Version: 3.7.3
Homepage: http://directory.fedoraproject.org
Package: 389-ds-base
Architecture: any
Depends: libsvrcore0, libsvrcore-dev, libmozldap-0d, libmozldap-dev,
libmozilla-ldap-perl, libdb4.6-dev, libicu-dev, libsnmp-dev,
libkrb5-dev, libpam-dev, libnet-ldap-perl, libperl-dev
Description: The enterprise-class Open Source LDAP server for Linux.
It is hardened by real-world use, is full-featured, supports
multi-master replication, and already handles many of the
largest
LDAP deployments in the world.
3) I tried to build the package with the following command:
root@dirserv1:~/project-389/389-ds-base-1.2.1# dpkg-buildpackage -rfakeroot
The generated output is too long, and the latest part is the following:
ldap/servers/slapd/.libs/libslapd_la-snmp_collator.o: In function
`snmp_collator_create_semaphore':
/root/project-389/389-ds-base-1.2.1/ldap/servers/slapd/snmp_collator.c:532:
undefined reference to `sem_open'
/root/project-389/389-ds-base-1.2.1/ldap/servers/slapd/snmp_collator.c:536:
undefined reference to `sem_unlink'
/root/project-389/389-ds-base-1.2.1/ldap/servers/slapd/snmp_collator.c:542:
undefined reference to `sem_open'
ldap/servers/slapd/.libs/libslapd_la-snmp_collator.o: In function
`snmp_collator_sem_wait':
/root/project-389/389-ds-base-1.2.1/ldap/servers/slapd/snmp_collator.c:574:
undefined reference to `sem_trywait'
/root/project-389/389-ds-base-1.2.1/ldap/servers/slapd/snmp_collator.c:586:
undefined reference to `sem_close'
/root/project-389/389-ds-base-1.2.1/ldap/servers/slapd/snmp_collator.c:587:
undefined reference to `sem_unlink'
ldap/servers/slapd/.libs/libslapd_la-snmp_collator.o: In function
`snmp_collator_update':
/root/project-389/389-ds-base-1.2.1/ldap/servers/slapd/snmp_collator.c:629:
undefined reference to `sem_post'
ldap/servers/slapd/.libs/libslapd_la-snmp_collator.o: In function
`snmp_collator_stop':
/root/project-389/389-ds-base-1.2.1/ldap/servers/slapd/snmp_collator.c:505:
undefined reference to `sem_close'
/root/project-389/389-ds-base-1.2.1/ldap/servers/slapd/snmp_collator.c:506:
undefined reference to `sem_unlink'
ldap/servers/slapd/.libs/libslapd_la-snmp_collator.o: In function
`snmp_collator_init':
/root/project-389/389-ds-base-1.2.1/ldap/servers/slapd/snmp_collator.c:205:
undefined reference to `sem_post'
collect2: ld returned 1 exit status
make[2]: *** [libslapd.la] Error 1
make[2]: Leaving directory `/root/project-389/389-ds-base-1.2.1'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/root/project-389/389-ds-base-1.2.1'
make: *** [build-stamp] Error 2
dpkg-buildpackage: failure: debian/rules build gave error exit status 2
root@dirserv1:~/project-389/389-ds-base-1.2.1#
The complete output is in the following URL:
http://morenisco.noc-root.net/debian/files/Error_Debianizing_389-ds-base-...
Any idea why this could be failing, please?
Thanks a lot.
--
Morenisco.
Centro de Difusión del Software Libre.
http://www.cdsl.cl
http://trabajosfloss.noc-root.net
Blog: http://morenisco.noc-root.net
14 years, 10 months
GID error
by Doug Coats
I have run into an issue with my system being able to correctly identify a
user and their group.
I am running CentOS 5.3 and centos-ds 8.1
I have created a user using the management console.
I set up the first name, last name, common name, user id, and password.
Under Posix User I set up UID Number: 10009, GID Number: 10009, Home
Directory: /home/user, and Shell: /bin/bash.
I set up authentication using System > Administration > Authentication. I
enabled LDAP support and configured it. Under the options tab I checked
"Create home directories on first login."
My user can log into the box and can ssh into the box.
When I do log in I receive the following error.
id: cannot find name for group ID 10009
When I ls -la the users home directory it displays.
drwxr-xr-x 15 user 100009 4096 Jun 13 08:26 user
I tried creating a "user" group but there is no way to attach a GID to that
group so there is no way for LDAP or PAM to associate the two.
I googled around but none of the solutions worked for me or seemed to apply
to this situation.
Thanks for any help!
Doug
14 years, 10 months
cron no longer works after password expiration
by Aaron Mills
Hi all,
I set up password policy on my FDS box and things were humming along just fine until people's passwords expired (100 days). Users can still log in to our linux boxen as normal (though we were seeing Invalid Credentials log entries). I disabled password policy, however now cron jobs no longer work. I tried setting something up like so:
* * * * * /bin/date >> /var/tmp/test.txt
But nothing gets logged. There's not even an entry in the cron logfile. This appears to be LDAP related since local user crons still work. I've looked in the /var/log/messages and /var/log/cron, but it's as if my boxes just stopped recognizing user crons altogether.
Any ideas on the right direction to look?
Thanks,
-Aaron
--
Aaron Mills
Systems Administrator
Return Path, Inc.
aaron.mills(a)returnpath.net
14 years, 10 months