Reg ssl error
by s.varadha rajan
Hi,
I would like to configure SSL-enabled LDAP in my environment. I have already
signed certificate and imported as per the Fedora wiki doc. When I restart
dirsrv, I got the following error:
SSL alert: Security Initialization: Unable to find slot (Netscape Portable
Runtime error -8127 - The security card or token does not exist, needs to be
initialized, or has been removed.)
ERROR: SSL Initialization Failed.
Please let me know the solution for this.
Regards,
Varad
12 years, 8 months
Change hostname of directory server.
by Techie
Hello,
We were required to change the hostname of our LDAP server running
389-DS. Since that time the LDAP server runs fine but the admin server
does not authenticate login any longer, meaning I cannot log into the
admin server. What do I need to do to fix the admin server and change
all references from the old host name to the new host name?
Thanks
Jimmy
12 years, 8 months
Problem - Could not import LDIF file '/tmp/ldifESlBSW.ldif'. Error: 65280
by Michel Bulgado
Hello
Recently I just installed 389-ds-1.2.1-1.el5.noarch from EPEL repo,
because in my company we use Active Directory and want to migrate to Linux
I have installed CentOS 5.6 x86_64.
The problem persists when trying to run setup-ds-admin.pl and at the
very end I get an error message.
[11/07/21, 17:08:27] - [Setup] Info Are you ready to set-up your servers?
[11/07/21, 17:08:28] - [Setup] Info yes
[11/07/21, 17:08:28] - [Setup] Info Creating directory server. . .
[11/07/21, 17:08:29] - [Setup] Info Could not import LDIF file
'/tmp/ldifESlBSW.ldif'. Error: 65280. Output: Importing data ...
[11/07/21, 17:08:29] - [Setup] Fatal Error: Could not create directory
server instance 'michel'.
[11/07/21, 17:08:29] - [Setup] Fatal Exiting. . .
Log file is '/tmp/setup5jSSdH.log'
Maybe you can help me. Searching Google, I saw someone who had the same
problem and was recommended to move or delete the file
10-presence.ldif from the schema directory, but that file does not exist in that
directory.
What could I be doing wrong?
Thanks
Michel
12 years, 8 months
Setting certain users password to never expire
by harry.devine@faa.gov
I have a password policy set to have passwords expire every 90 days, etc.
However, we have 1 or 2 users that we never want their password to expire.
I cannot find where to set this in the user's account settings. I have
the latest 389-ds installed on a 64-bit CentOS 5.4 installation.
Any ideas?
Thanks,
Harry Devine
Common ARTS Software Development
AJT-144
(609)485-4218
Harry.Devine(a)faa.gov
12 years, 8 months
AD Sync Fails with: R00002105: LdapErr: DSID-0C0907C9, comment: Error processing control, data 0, vece.
by Josh Miller
Using:
- 389 DS 8.1
- AD 2003/2008
I am trying to sync from AD (one way) to 389 DS and getting the
following error:
R00002105: LdapErr: DSID-0C0907C9, comment: Error processing control,
data 0, vece.
A tcpdump does not appear to reveal anything in the way of errors and I
got the above error from the packet capture.
Any idea how to continue troubleshooting or resolve this issue?
I can query AD via ldapsearch using the AD credential set that I have
configured in the sync agreement.
Thanks,
--
Josh Miller
Open Source Solutions Architect
http://itsecureadmin.com/
12 years, 8 months
Newbie question: Which distro?
by Steven Santos
I would like to set up an instance of 389DS for my school.
This LDAP server would be used to authenticate users on our old
file/database/local web server, our desktop machines, our WIFI, and for a
number of web applications. Total users is about 300, though the vast
majority (~275) would only authenticate/sign in to our SIS about once a
week.
Our 2 servers are an old CentOS file/SQL server and a Fedora web server
We have 7 different linux workstations (mostly Ubuntu 10.10 and 11.x), 3
Windows boxes (2 Vista and 1 W7) and 1 Mac OSX box.
We currently use a number of local web apps (Koha, Moodle, Wordpress, our
SIS), all of which have LDAP plug-ins.
We would like to eventually also run an ldap server in a hosted VPS that
would get updates from our local LDAP server, and authenticate users to our
various public facing web services, as well as google apps and our paid
databases, though this is a future project.
So what distribution is best supported, and will be supported the longest?
---
Steven Santos
Director
P: 617-527-0667
F: 617-934-1870
E: Steven(a)SimplyCircus.com
Simply Circus, Inc.
86 Los Angeles Street
Newton, MA 02462
12 years, 8 months
Which files to backup?
by Penedo
Hello,
I'm going to tweak configuration of a working CentOS-DS network of LDAP servers.
What are the important files I should back up before doing that?
Files and directories I identified so far:
1. The directory passed to -D on the slapd command line
2. nsslapd-*dir from dse.ldif
Is there anything else to backup?
Thanks,
-P
12 years, 8 months
Re: [389-users] get base dn from ldapsearch
by Angel Bosch Mora
> Maybe I am understanding this wrong but could you not just check in
> the config what the search base is set to on the client side? What is
> the problem you are trying to solve?
>
yes, you're right. I can just take a look at ldap.conf, but there are several places to look:
- debian/ubuntu uses /etc/ldap/ldap.conf
- RHEL/CentOS uses /etc/openldap/ldap.conf
- custom compilations can use any path. ex: /usr/local/ldap/ldap.conf
- windows openldap uses... I don't really know :P
so what I'm trying to do is resolve the configured base without knowing anything about the client.
for example, this command gives me the server even if I don't know anything about the conf:
ldapsearch -d1 -x -LLL "(uid=example)" uid 2>&1 | grep ldap_connect_to_host
I'm just a little bit surprised that I can't find any debuglevel that gives me the BASE
abosch
12 years, 8 months
SSL certificate issue
by s.varadha rajan
Hi,
I am trying to implement two 389-ds with SSL replication. Replication is
working without SSL. When I try to configure SSL-enabled 389-ds, I am
getting the error:
"[13/Jul/2011:17:38:37 +051800] - SSL alert: CERT_VerifyCertificateNow:
verify certificate failed for cert Server-Cert of family
cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8179 -
Peer's Certificate issuer is not recognized.)
[13/Jul/2011:17:38:37 +051800] - SSL failure: None of the cipher are valid"
I did the following as per my environment:
1. My system name is varad.india.xxx.com. We have a certificate
star.india.xxx.com and .pem files, which is used commonly for Apache and
other related services, so I am planning to import that certificate to my
fedora-ds system,
A).openssl pkcs12 -export -inkey star_dot_india_xxx_key.pem -in
star_dot_india_xxx_cert.crt -out crt.p12 -nodes -name 'Server-Cert' ==>
command went fine
B).pk12util -i <location>/crt.p12 -d . ==> command went fine
C). As per the Fedora doc, they specified "certutil -d
/etc/dirsrv/slapd-INSTANCE -A -n "My Local CA" -t CT,, -a -i
/path/to/ca.pem", so I tried this option as:
#root@varad:/home/sslforldap# certutil -d /etc/dirsrv/slapd-varad -A -n
"Server-Cert" -t u,u,u -a -i star_dot_india_xxx_cert.crt
got an error ==>certutil: function failed: security library: bad database.
and then tried as
#certutil -d /etc/dirsrv/slapd-varad -A -n "Server-Cert" -t u,u,u -a -i
star_dot_india_xxx_cert.crt ==> went fine
D). Added the relevant details in the dse.ldif and restarted the dirsrv, but I
got the above error.
E). For your information,
root@varad:/home/sslforldap# certutil -L -d .
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

XXX XXX CA                                                   u,u,u
How can I proceed further?
Regards,
Varad
12 years, 8 months
Replication trouble
by Andrea Modesto Rossi
Ciao,
Since last week I had no problem and all my configuration worked properly.
Due to an NTPD error (my VMs run on a KVM server), today I have some
replication trouble. Scenario:
- 3 Servers with 389 1.2.0 running on virtual machine CENTOS 5.6 (KVM
hypervisor)
- I use multi-master replication, so Server A has 2 agreements: A-->B and
A-->C; Server B has: B-->A and B-->C; Server C has: C-->A and C-->B.
Now, B and C work fine. The problem is Server A: it is able to
receive updates from B and C, but it cannot provide updates to B and C...
These are the logs when I try to sync A --> B
-----------
From A:
[13/Jul/2011:12:05:15 +0200] csngen_new_csn - Warning: too much time skew
(-314253 secs). Current seqnum=1
[13/Jul/2011:12:05:15 +0200] NSMMReplicationPlugin -
agmt="cn=AgreementM21" (deimos:636): Unable to acquire replica: Excessive
clock skew between the supplier and the consumer. Replication is aborting.
[13/Jul/2011:12:05:15 +0200] NSMMReplicationPlugin -
agmt="cn=AgreementM21" (deimos:636): Incremental update failed and
requires administrator action
From B:
[13/Jul/2011:12:05:15 +0200] NSMMReplicationPlugin - conn=5 op=3
repl="dc=example,dc=com": Excessive clock skew from supplier RUV
[13/Jul/2011:12:05:15 +0200] NSMMReplicationPlugin - conn=5 op=3
replica="dc=example,dc=com": Unable to acquire replica: error: excessive
clock skew
------------
but A and B have the same time.
Can anyone help me? I don't understand where I'm wrong!
Thank you very much for your help.
Ciao,
--
Andrea Modesto Rossi
Fedora Ambassador
12 years, 8 months
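
Added example, not part of the original post and not 389 Directory Server code: a small Python parser for error-log lines of the kind quoted in the replication post above. It extracts the reported time skew and the agreements and suffixes that hit clock-skew errors, so this failure can be monitored. The sample input is the post's own log lines re-joined onto single lines; the function and variable names are assumptions.

```python
import re
from collections import defaultdict

# Log lines taken from the post above, re-joined onto single lines (sample input).
SAMPLE_LOG = """\
[13/Jul/2011:12:05:15 +0200] csngen_new_csn - Warning: too much time skew (-314253 secs). Current seqnum=1
[13/Jul/2011:12:05:15 +0200] NSMMReplicationPlugin - agmt="cn=AgreementM21" (deimos:636): Unable to acquire replica: Excessive clock skew between the supplier and the consumer. Replication is aborting.
[13/Jul/2011:12:05:15 +0200] NSMMReplicationPlugin - agmt="cn=AgreementM21" (deimos:636): Incremental update failed and requires administrator action
[13/Jul/2011:12:05:15 +0200] NSMMReplicationPlugin - conn=5 op=3 repl="dc=example,dc=com": Excessive clock skew from supplier RUV
[13/Jul/2011:12:05:15 +0200] NSMMReplicationPlugin - conn=5 op=3 replica="dc=example,dc=com": Unable to acquire replica: error: excessive clock skew
"""

LINE = re.compile(r'^\[(?P<ts>[^\]]+)\]\s+(?P<src>\S+)\s+-\s+(?P<msg>.*)$')
SKEW = re.compile(r'too much time skew \((?P<secs>-?\d+) secs\)')
AGMT = re.compile(r'agmt="(?P<agmt>[^"]+)" \((?P<host>[^:)]+):(?P<port>\d+)\)')
REPLICA = re.compile(r'repl(?:ica)?="(?P<suffix>[^"]+)"')

def summarize_clock_skew(log_text):
    """Return skew values (seconds) and the agreements/suffixes with clock-skew errors."""
    report = {"skew_secs": [], "agreements": defaultdict(int), "suffixes": defaultdict(int)}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped continuation or unrelated line
        msg = m.group("msg")
        s = SKEW.search(msg)
        if s:
            report["skew_secs"].append(int(s.group("secs")))
        if "clock skew" not in msg.lower():
            continue  # only count lines that blame the clock
        a = AGMT.search(msg)
        if a:  # supplier side: names the agreement and the consumer host:port
            report["agreements"][(a.group("agmt"), a.group("host"), int(a.group("port")))] += 1
        r = REPLICA.search(msg)
        if r:  # consumer side: names the replicated suffix
            report["suffixes"][r.group("suffix")] += 1
    return report

if __name__ == "__main__":
    rep = summarize_clock_skew(SAMPLE_LOG)
    worst = max(rep["skew_secs"], key=abs, default=0)
    print(f"largest reported skew: {worst} s ({abs(worst) / 86400:.1f} days)")
    for (agmt, host, port), n in rep["agreements"].items():
        print(f"supplier agreement {agmt} -> {host}:{port}: {n} clock-skew failure(s)")
    for suffix, n in rep["suffixes"].items():
        print(f"consumer side, suffix {suffix}: {n} clock-skew rejection(s)")
```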