Problem browsing LDAP with Outlook
by Chris Bryant
When configuring Microsoft Outlook (not Outlook Express) to access an LDAP directory, there is an option to 'Enable Browsing (requires server support)'. If this option is chosen and the directory server supports it, then you should be able to open the LDAP address book and page up and down through the results. I have been unable to get this working properly with 389 DS.
When I try to browse from Outlook against the 389 DS directory, I am able to see the first page of results perfectly. However, if I move to the next page, only the first object returned will have any attributes included, and all of the rest of the objects in the page will have no attributes. I have a test perl script that duplicates this functionality as well.
I can get this to work properly with an older version of Netscape Directory Server, and I can get it working with OpenDS. Since 389 DS advertises support for the controls that are required for this to work, just like the other two servers, then I would expect it to work there also.
Has anyone out there gotten this to work with 389 DS? If so, can you share if there was anything special that you needed to do to get this to work? I'm trying to determine if this is a bug in the server, or if I'm just missing something in the configuration.
Thanks,
Chris
USA.NET
3 years
Logging Creation and Deletion
by David Hoskinson
I am having a bit of trouble understanding creation and deletion of logs. Creation is max number of logs = 10, file size 100 MB, and create a new log every day. This is the default, I believe, as I haven't changed it. My question is: does one of these parameters override the other? For example, we want to keep 24 weeks of logs and create a log every day. Logs are quite small for us, so would the 100 MB parameter take precedence, or the one-day setting?
Same with deletion... would like the 'when drive has less than 5 MB' and 'delete files over 24 weeks old' but don't care about the 500 MB total size.
I see some fields can be set with -1 to inactivate them but some can't...
If anyone can explain this a little clearer, I am sure it's just something I am missing.
David Hoskinson | DATATRAK International
Systems Engineer
Mayfield Heights, Ohio, USA
+1.440.443.0082 x 124 (p) | +1.440.391.7753 (m)
david.hoskinson(a)datatrak.net | www.datatrak.net
11 years, 7 months
Dir Admin Shows Stopped
by Dan Whitmire
When I bring up the 389-console it shows the Administration Server
as being down. When I do 'service dirsrv-admin status' it shows as running.
I recently installed PKI CA, RA, TPS, and TKS. I'm experiencing
problems with TKS which I believe is TLS related. Could that be
affecting my directory server?
Thanks for all the help and support.
11 years, 7 months
Announcing 389 Directory Server version 1.2.10 Alpha 8 Testing
by Rich Megginson
The 389 Project team is pleased to announce the release of
389-ds-base-1.2.10.a8. 1.2.10 has some new features and fixes for bugs
found in 1.2.10 testing and bugs from earlier releases. There is also a
389-admin package in testing.
NEW: EL6 support
Beginning with RHEL 6.2, the 389-ds-base package is included in the base
OS. Therefore, the 389-ds-base package can no longer be provided via
EPEL, due to RHEL/EPEL packaging restrictions.
However, the 389 Project will still make the full 389-ds-base package
available via http://repos.fedorapeople.org/repos/rmeggins/389-ds-base.
See http://directory.fedoraproject.org/wiki/Download for more information.
NEW: Issue Tracking System
We have moved our ticket tracking system from the Red Hat Bugzilla
https://bugzilla.redhat.com/enter_bug.cgi?product=389 to our Fedora
Hosted Trac https://fedorahosted.org/389. All of the old 389 bugs have
been copied to Trac. All new bugs, feature requests, and tasks should be
entered in Trac.
NEW: Plugin Authors
WARNING: Plugins should be made transaction aware so that they can be
called from within a backend pre/post transaction plugin. Otherwise,
attempting to perform an internal operation will cause a deadlock. See
http://directory.fedoraproject.org/wiki/Plugins
Installation
yum install --enablerepo=updates-testing 389-ds
# or for EPEL
yum install --enablerepo=epel-testing [--enablerepo=epel-testing-389-ds-base] 389-ds
setup-ds-admin.pl
Upgrade
yum upgrade --enablerepo=updates-testing 389-ds-base idm-console-framework 389-admin 389-ds-console 389-admin-console
# or for EPEL
yum upgrade --enablerepo=epel-testing [--enablerepo=epel-testing-389-ds-base] 389-ds-base idm-console-framework 389-admin 389-ds-console 389-admin-console
setup-ds-admin.pl -u
How to Give Feedback
The best way to provide feedback is via the Fedora Update system.
* Go to https://admin.fedoraproject.org/updates
* In the Search box in the upper right hand corner, type in the name of
the package
* In the list, find the version and release you are using (if you're not
sure, use rpm -qi <package name> on your system) and click on the release
* On the page for the update, scroll down to "Add a comment" and provide
your input
Or just send us an email to 389-users(a)lists.fedoraproject.org
Reporting Issues
https://fedorahosted.org/389
More Information
* Release Notes - http://port389.org/wiki/Release_Notes
* Install_Guide - http://port389.org/wiki/Install_Guide
* Download - http://port389.org/wiki/Download
11 years, 8 months
Re: [389-users] Problems with Database Import.
by Dan H. Eicher
Rich/All,
I finally got my ldif to import. I found I had a small number of
groups with bogus information in their records (I'll include one actual
example below). Once these couple of entries were removed/corrected,
everything imported. I have also included the specifics on 389 / fedora
versioning information.
The use of: fedora-idm-console -D 9 2>&1 |tee console.log - was
invaluable.
[dhe@localhost testdump]$ rpm -qi 389-ds-base
Name : 389-ds-base
Version : 1.2.10
Release : 0.5.a5.fc16
Architecture: x86_64
Install Date: Tue 17 Jan 2012 03:29:47 PM EST
Group : System Environment/Daemons
Size : 4907156
License : GPLv2 with exceptions
Signature : RSA/SHA256, Fri 04 Nov 2011 02:31:54 PM EDT, Key ID
067f00b6a82ba4b7
Source RPM : 389-ds-base-1.2.10-0.5.a5.fc16.src.rpm
Build Date : Fri 04 Nov 2011 07:13:20 PM EDT
Build Host : x86-17.phx2.fedoraproject.org
Relocations : (not relocatable)
Packager : Fedora Project
Vendor : Fedora Project
URL : http://port389.org/
Summary : 389 Directory Server (base)
Description :
389 Directory Server is an LDAPv3 compliant server. The base package
includes
the LDAP server and command line utilities for server administration.
[root@localhost testdump]# cat /etc/issue
Fedora release 16 (Verne)
Kernel \r on an \m (\l)
[root@localhost testdump]# uname -a
Linux localhost.localdomain 3.2.1-3.fc16.x86_64 #1 SMP Mon Jan 23
15:36:17 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
dn: cn=DRSS,ou=Groups,dc=localdomain
modifyTimestamp: 20110909040227Z
modifiersName: uid=suser,dc=localdomain
cn: DRSS
gidNumber: 11380
memberUid: u1
memberUid: u2
memberUid: u3
memberUid: u4
ntUserDomainId: DRSS
objectClass: top
objectClass: groupofuniquenames
objectClass: posixgroup
objectClass: ntgroup
uniqueMember: uid=u1,u2,u3,u4,ou=Users,dc=localdomain
>> This doesn't look like a unique Member.... -or-
uniqueMember: uid=
>> Null
uniqueMember: uid=u1,ou=Users, dc=localdomain
uniqueMember: uid=u2,ou=Users, dc=localdomain
uniqueMember: uid=u3,ou=Users, dc=localdomain
creatorsName: uid=suser,dc=localdomain
createTimestamp: 20110909040111Z
nsUniqueId: 4cd49801-da9811e0-90ddb7ef-aa3939d0
I guess the take away is, you can create garbage inside LDAP, export
said garbage, but don't expect it to import.
Is the result of having slapd die the normal behavior, or should a bug
report be filed?
Thanks for the help,
Dan
On 01/24/2012 03:21 PM, Rich Megginson wrote:
> On 01/24/2012 12:25 PM, Dan H. Eicher wrote:
>>
>> Hi,
>> I will answer publicly so others might get some benefit, but first a
>> dumb question.
>>
>> When I try to do a ldif2db from the command line, nothing gets
>> added, I get an error message similar
>> to:
>>
>> [24/Jan/2012:10:56:06 -0500] - import userRoot: WARNING: Skipping entry "uid=myuser,ou=Users,dc=localdomain" which has no parent, ending at line 533175 of file "/testdump/dr-out-mod2"
>>
>> I manually added an ou called Users under localdomain - but
>> still no joy.
> Right. import is not an "additive" operation, it is a "destructive"
> operation. If you want the entry to be added, add it first to the
> LDIF file. That means your ldif file will first need an entry for
> dc=localdomain, then under that an entry for ou=Users,dc=localdomain,
> then your user entries.
>>
>> Import Database does not seem to have this issue with no
>> parent, but Initialize Database which is running now, seems
>> to also.
> Right. In console "import" is additive and "initialize" is destructive.
>>
>> Any tips?
>>
>> Thanks,
>> Dan
>>
>> On 01/23/2012 04:07 PM, Rich Megginson wrote:
>>> On 01/23/2012 02:05 PM, Dan H. Eicher wrote:
>>>> I’m attempting to port my ldap database from one machine to
>>>> another, the machine I am attempting to port to is running a newer
>>>> version of 389. The target machine is build 2011.308.2312.
>>>>
>>>> On the source machine I do an db2ldif - all looks good.
>>>>
>>>> I go to the target machine and start fedora-console, open the
>>>> directory server and choose import database.
>>> Have you tried Initialize database?
>>>>
>>>> The first couple of thousand entries/users seem to go well, but
>>>> then by looking at both my ldif source file and the contents of my
>>>> reject file after one particular user I get:
>>>>
>>>> Error adding object 'dn: uid=ctuser,ou=Users,dc=localdomain'. The
>>>> error sent by the server was 'Cannot connect to the LDAP server'.
>>> Did the server then crash? Do you have a core file? What platform?
>>> What version is the target machine? rpm -qi 389-ds-base
>>>>
>>>> Every new user after that fails to be added.
>>>>
>>>> The import appears to complete and slapd doesn’t stop.
>>>>
>>>> Any tips here on how I can resolve this?
>>> You could try to use ldif2db from the command line on the target
>>> machine.
>>>>
>>>> Thanks,
>>>> Dan
>>>> --
>>>> 389 users mailing list
>>>> 389-users(a)lists.fedoraproject.org
>>>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>>
>>
>
11 years, 8 months
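An added example (not from the original thread or the 389 project): a pre-import check for the two problems this thread ran into, entries whose parent does not appear earlier in the LDIF and malformed DN values in uniqueMember. The sample LDIF is constructed, and the function names and the `DN_ATTRS` set are assumptions.

```python
import base64
import re

# Constructed sample modelled on the entries quoted in the post (not real data).
SAMPLE_LDIF = """\
dn: dc=localdomain
objectClass: domain

dn: uid=u1,ou=Users,dc=localdomain
objectClass: account

dn: ou=Groups,dc=localdomain
objectClass: organizationalUnit

dn: cn=DRSS,ou=Groups,dc=localdomain
objectClass: groupofuniquenames
uniqueMember: uid=u1,u2,u3,u4,ou=Users,dc=localdomain
uniqueMember: uid=
uniqueMember: uid=u1,ou=Users, dc=localdomain
"""

DN_ATTRS = {"uniquemember", "member"}  # assumption: DN-valued attributes to check
RDN_RE = re.compile(r"^[A-Za-z][A-Za-z0-9.-]*\s*=\s*\S.*$")

def split_dn(dn):  # split on commas that are not backslash-escaped
    return [part.strip() for part in re.split(r"(?<!\\),", dn)]

def valid_dn(dn):  # every RDN must be attr=value with a non-empty value
    return all(RDN_RE.match(rdn) for rdn in split_dn(dn))

def check_ldif(text, suffix):
    """Return (entry_dn, problem) pairs for orphaned entries and bad DN values."""
    findings, seen, dn = [], set(), None
    root = ",".join(split_dn(suffix)).lower()
    for line in re.sub(r"\n ", "", text).splitlines():  # unfold continuations
        attr, _, value = line.partition(":")
        if value.startswith(":"):                       # "attr:: ..." is base64
            value = base64.b64decode(value[1:]).decode("utf-8", "replace")
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            dn = ",".join(split_dn(value)).lower()
            parent = ",".join(split_dn(dn)[1:])
            if dn != root and parent not in seen:       # import would skip it
                findings.append((dn, "no parent earlier in file"))
            seen.add(dn)
        elif attr in DN_ATTRS and not valid_dn(value):
            findings.append((dn, f"bad {attr} value: {value!r}"))
    return findings
```

Calling `check_ldif(SAMPLE_LDIF, "dc=localdomain")` reports the user entry that precedes its `ou=Users` parent and the two bogus `uniqueMember` values, while the value with a space after the comma passes.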
CN=Monitor 3.0 released
by Andreas Andersson
Hi!
It has been over a year since I sent out information about CN=Monitor on this mailing list.
It's a web-based monitoring application with a focus on directory server performance and configuration verification.
From single installed servers to large-scale deployments, with the main focus on 389/RHDS and other directory servers.
Just wanted to let you know that I recently released version 3.0 and would appreciate feedback and ideas for future versions.
http://cnmonitor.sourceforge.net
Best Regards – Andreas
11 years, 8 months
dirsrv-admin stat not working
by Dan Whitmire
I am having a terrible time attempting to get dirsrv-admin working on
Fedora 15. Can someone please help me? I have selinux in permissive
mode. I have tried all that I know to do, so any advice is welcome. I
get the following:
# service dirsrv-admin start
Starting dirsrv-admin:
/usr/sbin/start-ds-admin: line 105: 2275 Segmentation fault
$SELINUX_CMD $HTTPD $OMIT_DEFLATE -k start -f
/etc/dirsrv/admin-serv/httpd.conf "$@"
The logs are as follows:
/var/log/messages
Jan 20 10:12:42 SonshineServer kernel: [ 1779.299009]
httpd.worker[2275]: segfault at 10 ip 00007fdc0f5019b0 sp
00007fff855d6528 error 4 in libpthread-2.14.1.so[7fdc0f4f8000+16000]
/var/log/dirsrv/admin-serv/error
[Fri Jan 20 10:12:42 2012] [error] Could not bind as []: ldap error -1:
Can't contact LDAP server
[Fri Jan 20 10:12:42 2012] [error] Could not bind as []: ldap error -1:
Can't contact LDAP server
[Fri Jan 20 10:12:42 2012] [warn] Unable to bind as LocalAdmin to
populate LocalAdmin tasks into cache.
[Fri Jan 20 10:12:42 2012] [notice] Access Host filter is:
*.SonshineAccess.com
[Fri Jan 20 10:12:42 2012] [notice] Access Address filter is: *
/var/log/audit/audit.log
type=CRED_DISP msg=audit(1327075262.337:65): user pid=2144 uid=0 auid=0
ses=2 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred
acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron
res=success'
type=USER_END msg=audit(1327075262.373:66): user pid=2144 uid=0 auid=0
ses=2 subj=system_u:system_r:crond_t:s0-s0:c0.c1023
msg='op=PAM:session_close acct="root" exe="/usr/sbin/crond" hostname=?
addr=? terminal=cron res=success'
type=ANOM_ABEND msg=audit(1327075962.009:67): auid=500 uid=0 gid=0 ses=1
subj=unconfined_u:system_r:httpd_t:s0 pid=2275 comm="httpd.worker" sig=11
11 years, 8 months
Problems with Database Import.
by Dan H. Eicher
I’m attempting to port my ldap database from one machine to another, the
machine I am attempting to port to is running a newer version of 389.
The target machine is build 2011.308.2312.
On the source machine I do an db2ldif - all looks good.
I go to the target machine and start fedora-console, open the directory
server and choose import database.
The first couple of thousand entries/users seem to go well, but then by
looking at both my ldif source file and the contents of my reject file
after one particular user I get:
Error adding object 'dn: uid=ctuser,ou=Users,dc=localdomain'. The error
sent by the server was 'Cannot connect to the LDAP server'.
Every new user after that fails to be added.
The import appears to complete and slapd doesn’t stop.
Any tips here on how I can resolve this?
Thanks,
Dan
11 years, 8 months
389DS very slow shutdown
by Diego Woitasen
Hi,
I have a weird problem with 389DS. It takes more than 5 minutes to
shutdown. The init script sends a SIGTERM to the process and it
finishes clean. That's clear looking at the log file too:
grep "slapd shutting down" errors
[10/Nov/2011:17:55:52 -0300] - slapd shutting down - waiting for 22
threads to terminate
[10/Nov/2011:17:55:52 -0300] - slapd shutting down - closing down
internal subsystems and plugins
[10/Nov/2011:17:55:52 -0300] - slapd shutting down - waiting for
backends to close down
[10/Nov/2011:18:01:41 -0300] - slapd shutting down - backends closed down
First I thought that it was related to my 150 DBs but I created a test
case with a clean server, 150 DBs and 10.000 entries and the shutdown
takes 2 seconds.
The only weird thing that I see is the dse.ldif.tmp file being
truncated and written again and again... several times until
shutdown. Strace shows me that the process is writing configuration
entries too.
I'm using DS 1.2.9.9 (same problem with 1.2.8.3) on Debian Squeeze.
I set errorlevel to 1 but I don't know if there is something
interesting in the log. I uploaded the log here if someone wants to have
a look: http://main.woitasen.com.ar/errors
What can I do to start to discover what's happening here?
Regards,
Diego
--
Diego Woitasen
11 years, 8 months