Double quoted distinguished names
by tamarin p
Hi,
I apologize that I am revisiting this topic yet again but as we found out,
double quoted distinguished names are no longer possible in 1.2.0. We
initially discovered the problem for the aliasedobjectname class but it
later turned out it's a fault with double quoted DNs in general and the
schema violation we got for aliasedobjectname was because a double quoted DN
always leads for some bizarre reason to the creation of an attribute with the
double quoted part as the attr/value pair, so the schema violation was
effect rather than cause. We are also fairly certain they worked prior to
this as we initially did some tests with 1.1.0, 1.1.2 and 1.1.3 without
encountering any problems with this.
I was told in another thread that the double quoted syntax is deprecated and
that escapes should be used instead. Is it then safe to assume that double
quoted style will not be fixed (or at least have extremely low priority)? We
have some clients who sometimes give us LDIFs for adding to the directory
and they prefer the double quoted syntax as more easily readable. I can
write a convert script for them easily enough to handle the obvious cases but
I won't go through the effort if there is a chance this will be fixed one
minor version down the road.
14 years, 9 months
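As an added illustration of the conversion the post above mentions (this is not code from the poster or from the 389 project), the following Python sketch rewrites double-quoted DN values as backslash escapes. The function names are hypothetical, and it assumes unfolded LDIF lines whose DN values are not base64-encoded.

```python
# Added example: rewrite double-quoted DN values as backslash escapes.
SPECIALS = set(',+"\\<>;')          # characters that need a backslash
HEX = set("0123456789abcdefABCDEF")

def escape_tokens(tokens):
    """Join value tokens, escaping specials and leading/trailing spaces."""
    out, last = [], len(tokens) - 1
    for i, tok in enumerate(tokens):
        edge_space = tok == " " and i in (0, last)
        if tok in SPECIALS or edge_space or (tok == "#" and i == 0):
            out.append("\\")
        out.append(tok)             # hex pairs such as \2C pass through as-is
    return "".join(out)

def unquote_dn(dn):
    """Return dn with every "quoted" value replaced by its escaped form."""
    out, quoted, i = [], None, 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            pair = dn[i + 1:i + 3]
            if quoted is None:      # outside quotes: keep the escape untouched
                out.append(dn[i:i + 2]); i += 2
            elif len(pair) == 2 and all(c in HEX for c in pair):
                quoted.append("\\" + pair); i += 3
            else:                   # \" or \\ inside quotes is a literal char
                quoted.append(dn[i + 1]); i += 2
            continue
        if ch == '"':
            if quoted is None:
                quoted = []         # opening quote
            else:
                out.append(escape_tokens(quoted))
                quoted = None       # closing quote
        elif quoted is not None:
            quoted.append(ch)
        else:
            out.append(ch)
        i += 1
    if quoted is not None:
        raise ValueError("unterminated double quote in DN: %r" % dn)
    return "".join(out)

def convert_ldif_line(line, attrs=("dn", "aliasedobjectname")):
    """Convert DN-valued LDIF lines; base64 (attr::) and others are untouched."""
    name, sep, value = line.partition(": ")
    if sep and name.lower() in attrs:
        return name + sep + unquote_dn(value)
    return line
```

Lines that fail with `ValueError` are the non-obvious cases worth reviewing by hand before the LDIF is imported.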
Allowing users to change their password
by Kenneth Holter
Hi all.
I'd like my users to be able to change their password (stored in the
directory server) by issuing "passwd" or something like that. Can this be
done? According to the documentation it seems like one has to use the
"ldappasswd" command, which seems pretty tricky to regular users.
I'm running Red Hat Directory Server 8.0.0.
Regards,
Kenneth
14 years, 9 months
Customizing IDM Console
by Dumbo Q
Is there any way to customize the idm console? I basically just need a tool for add/mod/remove users and groups for authentication. centos-ds worked out of the box for authentication, but I had to manually pick a uid and gid. Is there a way to have idm-console pick the next available id?
If not, has anyone tried Gosa with Fedora Directory?
14 years, 10 months
Cannot start the dirsrv process on Debian Lenny
by Morenisco
Hi,
I did the following in a Debian Lenny chroot environment:
1) Installed all the dependencies on the OS for the 389-ds-base-1.2.1
package.
2) I successfully compiled the 389-ds-base-1.2.1 package.
3) I configured the service, and in the last step the service didn't
start, giving me the following error:
Directory Manager DN [cn=Directory Manager]:
Password:
Password (confirm):
/dev/null: Permission denied
Server failed to start !!! Please check errors log for problems
4) Error log:
root@dirserv1:/opt/dirsrv/var/log/dirsrv/slapd-dirserv1# cat errors
Fedora-Directory/1.2.1 B2009.152.220
dirserv1.cdsl.cl:389 (/opt/dirsrv/etc/dirsrv/slapd-dirserv1)
[04/Jun/2009:04:26:02 +0000] - dblayer_instance_start: pagesize: 4096,
pages: 524288, procpages: 7193
[04/Jun/2009:04:26:02 +0000] - cache autosizing: import cache: 204800k
[04/Jun/2009:04:26:02 +0000] - li_import_cache_autosize: 50,
import_pages: 51200, pagesize: 4096
[04/Jun/2009:04:26:02 +0000] - WARNING: Import is running with
nsslapd-db-private-import-mem on; No other process is allowed to access
the database
[04/Jun/2009:04:26:02 +0000] - dblayer_instance_start: pagesize: 4096,
pages: 524288, procpages: 7193
[04/Jun/2009:04:26:02 +0000] - cache autosizing: import cache: 204800k
[04/Jun/2009:04:26:02 +0000] - li_import_cache_autosize: 50,
import_pages: 51200, pagesize: 4096
[04/Jun/2009:04:26:02 +0000] - import userRoot: Beginning import job...
[04/Jun/2009:04:26:02 +0000] - import userRoot: Index buffering enabled
with bucket size 100
[04/Jun/2009:04:26:02 +0000] - import userRoot: Processing file
"/tmp/ldifJJTzfX.ldif"
[04/Jun/2009:04:26:02 +0000] - import userRoot: Finished scanning file
"/tmp/ldifJJTzfX.ldif" (9 entries)
[04/Jun/2009:04:26:03 +0000] - import userRoot: Workers finished;
cleaning up...
[04/Jun/2009:04:26:03 +0000] - import userRoot: Workers cleaned up.
[04/Jun/2009:04:26:03 +0000] - import userRoot: Cleaning up producer
thread...
[04/Jun/2009:04:26:03 +0000] - import userRoot: Indexing complete.
Post-processing...
[04/Jun/2009:04:26:03 +0000] - import userRoot: Flushing caches...
[04/Jun/2009:04:26:03 +0000] - import userRoot: Closing files...
[04/Jun/2009:04:26:03 +0000] - All database threads now stopped
[04/Jun/2009:04:26:03 +0000] - import userRoot: Import complete.
Processed 9 entries in 1 seconds. (9.00 entries/sec)
5) Trying to start it manually:
root@dirserv1:/opt/dirsrv/etc/rc.d/init.d# ./dirsrv start
Starting dirsrv:
dirserv1.../dev/null: Permission denied
^C
6) Reviewing the permissions over /dev/null
root@dirserv1:~/project-389# ls -l /dev/null
crw-r--r-- 1 root root 1, 3 2009-05-31 23:38 /dev/null
I changed the permissions:
root@dirserv1:~/project-389# chmod 0666 /dev/null
root@dirserv1:~/project-389# ls -l /dev/null
crw-rw-rw- 1 root root 1, 3 2009-05-31 23:38 /dev/null
7) Trying again:
root@dirserv1:/opt/dirsrv/etc/rc.d/init.d# ./dirsrv start
Starting dirsrv:
dirserv1... FAILED
*** Warning: 1 instance(s) failed to start
8) Seeing the error log file:
root@dirserv1:/opt/dirsrv/var/log/dirsrv/slapd-dirserv1# cat errors
[04/Jun/2009:04:43:11 +0000] - Fedora-Directory/1.2.1 B2009.152.220
starting up
[04/Jun/2009:04:43:11 +0000] - Failed to create semaphore for stats file
(/opt/dirsrv/var/run/dirsrv/slapd-dirserv1.stats). Error 38.(Function
not implemented)
Any idea about this error, please?
Thanks.
--
Morenisco.
Centro de Difusión del Software Libre.
http://www.cdsl.cl
http://trabajosfloss.noc-root.net
Blog: http://morenisco.noc-root.net
14 years, 10 months
log on Windows machines
by Alejandro Rodriguez Luna
Hi all.
I'm completely new to Active Directory and LDAP; my question here is:
is there a way to allow Windows machines to log on against a Fedora Directory?
Or do I need a combination of Fedora Directory with Samba?
Any help?
----------------------------------
Alejandro Rodriguez Luna
Web: http://www.alexluna.org
E-mail: el_alexluna(a)yahoo.com.mx
MSN: el_alexluna(a)yahoo.com.mx
GTalk: alexluna(a)gmail.com
Movil: 044-311-112-86-41
----------------------------------
14 years, 10 months
Re: [389-users] Cert check in replication ?
by Emmanuel BILLOT
Emmanuel BILLOT wrote:
> Hi,
>
> On Sun, 17 May 2009 I posted a message about DNS name check in
> replication between FDS servers.
>
> It seems that the name which the certificate gives is not checked (one
> can give any DNS hostname, replication works).
> We also had this behaviour on S1DS on Solaris 9.
>
> However, on RHDS, here is the error message :
>
> [04/Jun/2009:09:53:28 +0200] slapi_ldap_bind - Error: could not send
> bind request for id [cn=replication manager,cn=config] mech [SIMPLE]:
> error 81 (Can't contact LDAP server) -12276 (Unable to communicate
> securely with peer: requested domain name does not match the server's
> certificate.) 11 (Resource temporarily unavailable)
>
> Both FDS and RHDS have been configured with the same config.
> The only difference we found is the OS (Centos for FDS, RHEL5 for
> RHDS, Solaris 9 for S1DS).
>
> Can anyone find any explanation?
>
OK, it seems that RHDS has the DNS check option by default.
--
==========================================
Emmanuel BILLOT
IRD - Orléans
Délégation aux Systèmes d'Information (DSI)
tél : 02 38 49 95 88
==========================================
14 years, 10 months
Cert check in replication ?
by Emmanuel BILLOT
Hi,
On Sun, 17 May 2009 I posted a message about DNS name check in
replication between FDS servers.
It seems that the name which the certificate gives is not checked (one
can give any DNS hostname, replication works).
We also had this behaviour on S1DS on Solaris 9.
However, on RHDS, here is the error message :
[04/Jun/2009:09:53:28 +0200] slapi_ldap_bind - Error: could not send
bind request for id [cn=replication manager,cn=config] mech [SIMPLE]:
error 81 (Can't contact LDAP server) -12276 (Unable to communicate
securely with peer: requested domain name does not match the server's
certificate.) 11 (Resource temporarily unavailable)
Both FDS and RHDS have been configured with the same config.
The only difference we found is the OS (Centos for FDS, RHEL5 for
RHDS, Solaris 9 for S1DS).
Can anyone find any explanation?
--
==========================================
Emmanuel BILLOT
IRD - Orléans
Délégation aux Systèmes d'Information (DSI)
tél : 02 38 49 95 88
==========================================
14 years, 10 months
Synching different passwords
by John A. Sullivan III
Hello, all. I think I already know the negative answer to this
question but is there a way to synchronize different password fields in
389?
As a relative novice at 389 and a real novice at Asterisk, I've been
dropped into the deep end of building an integrated Asterisk, Kamailio,
RTPProxy, FreePBX system using our existing LDAP as a database backend.
There is a great article on using 389 in RedHat magazine
(http://magazine.redhat.com/2008/07/24/open-source-telephony-a-fedora-base...) but the schema introduces a new password attribute. We'd like for users to only have to change passwords once, not once for their data and once for the SIP accounts.
Additionally, for security reasons, users' email addresses (and thus
their SIP IDs) are different than their internal uids.
Kamailio looks like it makes this easier in that we can specify a query
using the email attribute and tell it which password field we want to
retrieve. I'm not sure how it will handle the hashing. I'm more at a
loss for how to do this in Asterisk.
In any event, I will ask the Asterisk folks if we can use the existing
password attribute rather than a specific SIPPassword attribute but, in
case they say no, is there any way to sync the two password fields other
than IPA? Thanks - John
--
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan(a)opensourcedevel.com
http://www.spiritualoutreach.com
Making Christianity intelligible to secular society
14 years, 10 months