June 2009 - 389-users - Fedora Mailing-Lists

which user must have access to /var/run/dirsrv ?

by dima vasiletc

Hello When i try start dirsrv i have error Failed to delete old semaphore for stats file (/var/run/dirsrv/slapd-MY-DOMAIN-COM.stats). Error 13 (Permission denied). but access for dirsrv user permited. also -- С уважением, Дмитрий

14 years, 10 months

3
7
0 / 0

Re: [389-users] which user must have access to /var/run/dirsrv ?

by Rich Megginson

----- "dima vasiletc" <pronix.service(a)gmail.com> wrote: > On 06/15/2009 07:53 PM, Richard Megginson wrote: > > ls -al /var/run/dirsrv > > > > drwxrwxrwx 2 dirsrv nobody 4096 2009-06-15 10:21 . > drwxr-xr-x 31 root root 4096 2009-06-15 10:21 .. > -rw-r--r-- 1 dirsrv dirsrv 6 2009-06-15 10:21 > slapd-MYDOMAIN-COM.startpid > -rw-r--r-- 1 dirsrv dirsrv 2072 2009-06-15 10:07 > slapd-MYDOMAIN-COM.stats I'm not sure what's going on - what's the output of /usr/lib/dirsrv/slapd-MYDOMAIN-COM/start-slapd -d 1 > > -- > С уважением, Дмитрий > > -- > 389 users mailing list > 389-users(a)redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users

14 years, 10 months

1
0
0 / 0

Developting a CentOS-DS setup

by Doug Coats

I am new to using CentOS-DS and LDAP and I am having difficulty finding solid information on setting up using CentOS-DS as the information and authentification center of my network. I have googled a number of different combinations looking for the informaiton I need but have not found any good resources to setup what I am after. I have downloaded and am going over the Red Hat documentation and where it is very informative it certainly is not a Howto. My biggest need for resources is in setting up the authentification of different services and LDAP. I am using CentOS 5.3 and CentOS-DS 8.1. These I have installed and running on a test server. I would like to accomplish the following things in this order. Linux authentification Samba authentification Dovecot authentification So my questions to begin with are: How do I get Linux to use LDAP to authenticate instead of the passwd and shadow files? Once I get that to work: How do I get Linux to to do the normal things it does with adduser (like create a home directory, create a group, and things I can't think of)? If anyone could push me in the right direction I would really appreciate it.

14 years, 10 months

2
6
0 / 0

New to FDS, need some assistance with DIT configuration

by David Christensen

I am a little more familiar with OpenLDAP than I am with FDS, so some of the FDS configuration is familiar, however I am stuck with how to implement access controls for all the servers I manage etc. As of right now if you are authenticated by FDS you have access to every resource that uses FDS for authentication. Research indicates that I need to have all the objects I want to manage in FDS and I need to use PAM with a modified ldap.conf file for each server. What is the best way to implement privileges using FDS, listing allowed hosts for each user or allowed users for each host, and how do I create the entries in FDS for both conditions? Thanks in advance for the help.

14 years, 10 months

1
0
0 / 0

loss of group members in AD after initialization of sync

by jean-Noël Chardron

hello, When I initiate a first full synchronization of DS and AD I lost members in groups error log shows : [10/Jun/2009:15:00:07 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: looking for local entry matching AD entry [CN=SFC,OU=groupes,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr] [10/Jun/2009:15:00:07 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: looking for local entry by guid [c0e73a492ffbc04c9e85781a68f45023] [10/Jun/2009:15:00:07 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: problem looking for guid: -1 [10/Jun/2009:15:00:07 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: looking for local entry by uid [SFC] [...] [10/Jun/2009:15:00:11 +0200] - Windows sync entry: Adding new local entry dn: cn=SFC,OU=groupes,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr objectClass: top objectClass: groupofuniquenames objectClass: ntGroup ntGroupDeleteGroup: true cn: SFC description: Service Financier et Comptable uniqueMember: uid=essaibug,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc= fr uniqueMember:[...] follow 10 members [...] [10/Jun/2009:15:00:24 +0200] NSMMReplicationPlugin - received entry from dirsync: CN=MX,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr [10/Jun/2009:15:00:24 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: looking for local entry matching AD entry [CN=MX,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr] [10/Jun/2009:15:00:24 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: looking for local entry by guid [0cdf6e627d64684cb10c70b3b8753fda] [10/Jun/2009:15:00:24 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: problem looking for guid: -1 [10/Jun/2009:15:00:24 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: looking for local entry by uid [MX] [10/Jun/2009:15:00:24 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: problem looking for username: -1 [10/Jun/2009:15:00:24 +0200] - Windows sync entry: Adding new local entry dn: uid=MX,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr objectClass: top objectClass: person objectClass: organizationalperson objectClass: inetOrgPerson objectClass: ntUser ntUserDeleteAccount: true uid: MX sn: MX givenName: Guillaume cn: MX ntUserCodePage: 0 ntUserAcctExpires: 0 ntUserDomainId: MX mail: Guillaume.MX(a)dr15.cnrs.fr ntUniqueId: 0cdf6e627d64684cb10c70b3b8753fda [10/Jun/2009:15:01:34 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): windows_process_total_entry: Looking dn="cn=SFC,OU=groupes,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr" (ours) [10/Jun/2009:15:01:34 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_outbound: looking for AD entry for DS dn="cn=SFC,OU=groupes,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr" guid="c0e73a492ffbc04c9e85781a68f45023" [10/Jun/2009:15:01:34 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_outbound: looking for AD entry for DS dn="cn=SFC,OU=groupes,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr" username="SFC" [10/Jun/2009:15:01:34 +0200] - Calling windows entry search request plugin [10/Jun/2009:15:01:34 +0200] - windows_search_entry: recieved 2 messages, 1 entries, 0 references [10/Jun/2009:15:01:34 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_outbound: found AD entry dn="CN=SFC,OU=groupes,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr" [10/Jun/2009:15:01:34 +0200] - Calling windows entry search request plugin [10/Jun/2009:15:01:34 +0200] - windows_search_entry: recieved 2 messages, 1 entries, 0 references [10/Jun/2009:15:01:34 +0200] NSMMReplicationPlugin - windows_generate_update_mods: CN=SFC,OU=groupes,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr, description : values are equal [10/Jun/2009:15:01:35 +0200] - map_dn_values: no local entry found for uid=essaibug,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr [10/Jun/2009:15:01:35 +0200] - map_dn_values: no local entry found for uid= [follow 10 entries,] [10/Jun/2009:15:01:35 +0200] - Calling windows entry search request plugin [10/Jun/2009:15:01:35 +0200] - windows_search_entry: recieved 2 messages, 1 entries, 0 references [10/Jun/2009:15:01:35 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: looking for local entry matching AD entry [CN=essaibug,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr] [10/Jun/2009:15:01:35 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: looking for local entry by guid [72a7171ffaa0d84a9ca4ec2d90a4ab2b] [10/Jun/2009:15:01:35 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: problem looking for guid: -1 [10/Jun/2009:15:01:35 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: looking for local entry by uid [essaibug] [10/Jun/2009:15:01:35 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: problem looking for username: -1 [10/Jun/2009:15:01:35 +0200] - Calling windows entry search request plugin [10/Jun/2009:15:01:35 +0200] - windows_search_entry: recieved 2 messages, 1 entries, 0 references [10/Jun/2009:15:01:38 +0200] NSMMReplicationPlugin - windows_generate_update_mods: CN=SFC,OU=groupes,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr, sAMAccountName : values are equal [10/Jun/2009:15:01:38 +0200] - smod - windows sync [10/Jun/2009:15:01:38 +0200] - smod 0 - delete: member [10/Jun/2009:15:01:38 +0200] - smod 0 - value: member: CN=essaibug,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr [10/Jun/2009:15:01:38 +0200] - smod 1 - delete: member [10/Jun/2009:15:01:38 +0200] - smod 1 - value: member: [follow the 10 entries] [10/Jun/2009:15:01:39 +0200] NSMMReplicationPlugin - windows_update_remote_entry: modifying entry CN=SFC,OU=groupes,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr [10/Jun/2009:15:01:39 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): Received result code 0 () for modify operation [10/Jun/2009:15:01:55 +0200] - map_dn_values: no local entry found for uid=essaibug,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr [10/Jun/2009:15:05:51 +0200] NSMMReplicationPlugin - received entry from dirsync: CN=essaibug,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr [10/Jun/2009:15:05:51 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: looking for local entry matching AD entry [CN=essaibug,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr] [10/Jun/2009:15:05:51 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: looking for local entry by guid [72a7171ffaa0d84a9ca4ec2d90a4ab2b] [10/Jun/2009:15:05:51 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: problem looking for guid: -1 [10/Jun/2009:15:05:51 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: looking for local entry by uid [essaibug] [10/Jun/2009:15:05:51 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: problem looking for username: -1 [10/Jun/2009:15:05:52 +0200] - Windows sync entry: Adding new local entry dn: uid=essaibug,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr objectClass: top objectClass: person objectClass: organizationalperson objectClass: inetOrgPerson objectClass: ntUser ntUserDeleteAccount: true uid: essaibug sn: essaibug cn: essaibug ntUserCodePage: 0 ntUserAcctExpires: 9223372036854775807 ntUserDomainId: essaibug ntUniqueId: 72a7171ffaa0d84a9ca4ec2d90a4ab2b [10/Jun/2009:15:07:13 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_outbound: looking for AD entry for DS dn="uid=essaibug,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr" guid="72a7171ffaa0d84a9ca4ec2d90a4ab2b" [10/Jun/2009:15:07:13 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_outbound: looking for AD entry for DS dn="uid=essaibug,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr" username="essaibug" [10/Jun/2009:15:07:13 +0200] - Calling windows entry search request plugin [10/Jun/2009:15:07:13 +0200] - windows_search_entry: recieved 2 messages, 1 entries, 0 references [10/Jun/2009:15:07:13 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_outbound: found AD entry dn="CN=essaibug,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr" (following the translation of google) I suppose that during the initialization of the replication, groups have lost members (group sfc) with the logs in order explicit removal of the member in the group, sent by the DS to AD. The most likely explanation and that the process is sequential but with a dispatch from AD to DS-anarchic, with a group can be created before members in DS users. these are leading to a later stage in a request for suppresssion AD DS to members of the group that did not exist before the creation of the group. This is "normal" since DS checks the consistency of information and therefore the group members. The solution to this problem is to create manually in the AD to add the lost members in the group or may be to initialize sync twice in a closed time. The administrator of the Windows server and the AD insulted me as a result of this blunder I asked him if he had a backup of the AD. he had not -- Jean-Noel Chardron

14 years, 10 months

1
0
0 / 0

recovery manager password

by Kỳ Anh, Huỳnh

Hello all, I manage a server which has FDS installed since 2005. No one here can remember the rootdn or password to manager to server. How to recover the rootdn and root password of FDS? Thank you for your replies. -- Ky Anh, Huynh Homepage: http://viettug.org/

14 years, 10 months

2
1
0 / 0

Fail to sync with active directory

by jean-Noël Chardron

hello, I tried to sync the FDS with Active directory, i follow the instructions read in http://www.linuxmail.info/ad-fds-sync-howto/ except that I create a branch dc=ad and ou=DR15 (organizational unit) (and 2 databases under the root suffix dc=dr15,dc=cnrs,dc=fr) the FDS is version 1.2.0 and I upgrade this morning from fedora 10 to Fedora 11 I try to synchronise with this parameters : DS host : aragon.dr15.cnrs.fr , port 389 Windows host : zebigbos.ad.dr15.cnrs.fr , port 636 DS subtree : ou=DR15,dc=ad,dc=dr15,dc=cnrs,dc=fr Windows Subtree : ou=DR15,dc=ad,dc=dr15,dc=cnrs,dc=fr Replicated Subtree : ou=DR15,dc=ad,dc=dr15,dc=cnrs,dc=fr I actived the log errors (level replication) and I get many lines I extract few below : [10/Jun/2009:12:45:26 +0200] NSMMReplicationPlugin - received entry from dirsync: CN=Chardron,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr [10/Jun/2009:12:45:26 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: looking for local entry matching AD entry [CN=Chardron,OU=utilisateurs,OU=DR15,DC=ad,DC=dr15,DC=cnrs,DC=fr] [10/Jun/2009:12:45:26 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: looking for local entry by guid [c107390bd3669f4ca8b074de2af86397] [10/Jun/2009:12:45:26 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: problem looking for guid: -1 [10/Jun/2009:12:45:26 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: looking for local entry by uid [chardron] [10/Jun/2009:12:45:26 +0200] NSMMReplicationPlugin - agmt="cn=zebigbos" (zebigbos:636): map_entry_dn_inbound: problem looking for username: -1 [10/Jun/2009:12:45:26 +0200] - Windows sync entry: Adding new local entry dn: uid=chardron,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr objectClass: top objectClass: person objectClass: organizationalperson objectClass: inetOrgPerson objectClass: ntUser ntUserDeleteAccount: true uid: chardron sn: Chardron postalCode: 33402 physicalDeliveryOfficeName:: bsKwIDIxMg== telephoneNumber: 05.57.35.58.41 givenName: Jean-Noel initials: jnc cn: Chardron ntUserCodePage: 0 ntUserAcctExpires: 9223372036854775807 ntUserDomainId: chardron mail: Jean-Noel.Chardron(a)dr15.cnrs.fr ntUniqueId: c107390bd3669f4ca8b074de2af86397 [10/Jun/2009:12:45:26 +0200] NSMMReplicationPlugin - add operation of entry uid=chardron,OU=utilisateurs,ou=DR15,dc=ad,dc=dr15, dc=cnrs, dc=fr returned: 32 So it fails but why and what is the code error "32" ? Previously yesterday evening when I tried with Fedora 10 I got the return code "10" however I forgot the parameters used. -- Jean-Noel Chardron

14 years, 10 months

1
1
0 / 0

error: failed to install local copy of fedora-ds-1.1.jar

by lejeczek

hi everybody, error is from idm console, rpms are as follows: fedora-ds-base-1.2.0-4.fc9.x86_64 fedora-ds-dsgw-1.1.2-1.fc9.x86_64 fedora-ds-base-devel-1.2.0-4.fc9.x86_64 fedora-ds-console-1.2.0-1.fc9.noarch fedora-ds-admin-1.1.7-3.fc9.x86_64 fedora-ds-admin-console-1.1.3-1.fc9.noarch and yet, even if I delete ~/.fedora-idm-console and start console, I can connect to admin servers but not do ds and when above folder gets created anew after manual deleteion files actually copied from, I guess, /usr/share/dirsrv/html/java/ and not linked as they used to be, linking would be better - not? and this numbering versions nomenclature is a bit messy, there in ~/.fedo... should be fedora-{ds,admin} linked to correct versions in /usr/share/dirsrv/html/java/ so my call for help is - what is missing, I rpm'ed above packages but it did not help i can copy files by hand but I expect it to work out of box - no? cheers everybody

14 years, 10 months

2
3
0 / 0

DSA unwilling to process update / Viewing contents of replication updates

by Chris Phillips

Hi, I've a cluster of boxes with replication form two multimasters to 6 read only replicas. There appears to be a problem in the replication in that the error logs state that the DSA is unwilling to process updates for a specific user account, so the replication status in the idm just stays at saying it started rather than completed. I could just delete the account and recreate it, but as it's unfortunately *my* account (and is in this state *possibly* because I was messing with the resetpasswordretrytime field (or something very similarly named) which I get the impression is treated differently to other fields) I'd like to avoid deleting the account. To this end I'm hoping a suitable solution is to remove whatever the change is that is trying to be pushed across, but I can't see any way with SSL replication to see what the actual attributes it doesn't like are. Any way to pull this straight out with ldapsearch or something? Any tips for elegantly troubleshooting this in a heavily locked down environment would be appreciated. Thanks Chris

14 years, 10 months

2
3
0 / 0

Problem to create a root entry

by jean-Noël Chardron

hello, On a fresh install of a 389 directory server on fedora 10, I tried to create a root entry as described in the book Administration of Redhat Directory Server I tried some possibilities with directory console or command line, the behavior is hazardous : in command line i tried this below, but the branch dc=ad,... doesn't appear in the directory console [root@aragon db]# ldapmodify -a -x -D "cn=directory manager" -w secret dn: cn=adData,cn=ldbm database,cn=plugins,cn=config objectclass: extensibleObject objectclass: nsBackendInstance nsslapd-suffix: dc=ad,dc=dr15,dc=cnrs,dc=fr adding new entry "cn=adData,cn=ldbm database,cn=plugins,cn=config" dn: cn="dc=ad,dc=dr15,dc=cnrs,dc=fr",cn=mapping tree,cn=config objectclass: top objectclass: extensibleObject objectclass: nsMappingTree nsslapd-state: backend nsslapd-parent-suffix: "dc=dr15,dc=cnrs,dc=fr" nsslapd-backend: adData cn: dc=ad,dc=dr15,dc=cnrs,dc=fr adding new entry "cn="dc=ad,dc=dr15,dc=cnrs,dc=fr",cn=mapping tree,cn=config" but the branch dc=ad,dr=15,dc=cnrs,dc=fr doesn't appear in the directory console If I ommit the parent (nsslapd-parent-suffix: "dc=dr15,dc=cnrs,dc=fr") and i create a independant branch, the new root suffix (dc=ad,dc=dr15,dc=cnrs,dc=fr) appear in the directory console but in the tab "directory" I cannot create the new root Object In fact my original problem is that I am never able to create a new root object in the Directory under the root sufix dc=dr15,dc=cnrs,dc=fr even after creating the database. In the directory console the link 'New Root Object' is not active, then I cannot create the root object "dc=ad,dc=dr15,dc=cnrs,dc=fr" Can somebody tell me what is wrong or misconfigured Thanks jnc

14 years, 10 months

2
4
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

389-users June 2009