389-users December 2012

389-users@lists.fedoraproject.org

26 participants
26 discussions

Problem browsing LDAP with Outlook
by Chris Bryant 26 Aug '20

26 Aug '20

When configuring Microsoft Outlook (not Outlook Express) to access an LDAP directory, there is an option to 'Enable Browsing (requires server support)'. If this option is chosen and the directory server supports it, then you should be able to open the LDAP address book and page up and down through the results. I have been unable to get this working properly with 389 DS. When I try to browse from Outlook against the 389 DS directory, I am able to see the first page of results perfectly. However, if I move to the next page, only the first object returned will have any attributes included, and all of the rest of the objects in the page will have no attributes. I have a test perl script that duplicates this functionality as well. I can get this to work properly with an older version of Netscape Directory Server, and I can get it working with OpenDS. Since 389 DS advertises support for the controls that are required for this to work, just like the other two servers, then I would expect it to work there also. Has anyone out there gotten this to work with 389 DS? If so, can you share if there was anything special that you needed to do to get this to work? I'm trying to determine if this is a bug in the server, or if I'm just missing something in the configuration. Thanks, Chris USA.NET You Run Your Business. We'll Run Your Email. This message is for the sole use of the intended recipient(s) and may contain confidential and/or privileged information of USA.NET, Inc. Any unauthorized review, use, copying, disclosure, or distribution is prohibited. If you are not the intended recipient, please immediately contact the sender by reply email and delete all copies of the original message.

3 2

How to set up 389 client
by Chaudhari, Rohit K. 14 Jan '13

14 Jan '13

Hello everyone, How do I set up a 389 LDAP client to authenticate users against a 389 LDAP server? I don't have a trusted certificate authority (CA) but will create self-signed CA that signs server certificates, and then put that self-signed CA as the trusted CA on the client side. Is there anything more specific or a guide on how to set this up out there? Thanks in advance. Rohit

4 23

Swap Master Hardware.
by Shardul Kerkar 08 Jan '13

08 Jan '13

Hi Folks, I have recently been tasked with moving a Single Ldap Master from a dying machine to a spanking new blade. After doing some research it appears to me that the optimum way to do this will be installing a fresh instance of the application on the new server, import the database and then recreate and reinitialize all the hubs and replicas. The problem I face is that this work place has a humongous LDAP database will 3 mil+ entries. Re-initialization is taking upto 3 hours in some cases. With 5 hubs and 20 replicas to reinitialize, the downtime is unacceptable to the client. If I stop writes to the Master, then export the database to the new box and recreate the New-Master-Hub replication after removing the old Master , will I still need to re-initialize the hubs? Is there any way to do this swap without reinitializing or fooling the hubs and reps into thinking that they are still talking to the same Master albeit on a new machine (same ip address/dns). The client is still using ver. 1.1.2 on Centos 5.4 Thanks, Shar Ker

2 4

Support for apple OS X schema?
by Orion Poplawski 04 Jan '13

04 Jan '13

Has any work been done towards supporting Apple OS X ldap schema in 389? It seems like this is the latest OpenLDAP schema for Apple: http://opensource.apple.com/source/OpenLDAP/OpenLDAP-208.1/OpenLDAP/servers… Does anyone know of tools that would populate the various apple specific entries like apple-generateduid? Thanks! -- Orion Poplawski Technical Manager 303-415-9701 x222 NWRA, Boulder Office FAX: 303-415-9702 3380 Mitchell Lane orion(a)nwra.com Boulder, CO 80301 http://www.nwra.com

3 5

Bind localhost to 389, external IP to 636, fails with Local Network address is in use
by Graham Leggett 03 Jan '13

03 Jan '13

Hi all, After updating the directory as follows in order to make 389ds listen to localhost:389 and external.ip.address:636 (with SSL), the server refuses to start complaining as follows: [22/Dec/2012:09:32:26 +0000] createprlistensockets - PR_Bind() on 172.20.10.6 port 636 failed: Netscape Portable Runtime error -5982 (Local Network address is in use.) I have checked, nothing is listening to port 636 before the server restart, so the most likely explanation is that 389ds is trying to bind to port 636 twice, and failing on the second go. # set the IP address for unencrypted access dn: cn=config changetype: modify replace: nsslapd-listenhost nsslapd-listenhost: 127.0.0.1 # set the IP address for encrypted access dn: cn=config changetype: modify replace: nsslapd-securelistenhost nsslapd-securelistenhost: 172.20.10.6 Can anyone point out what I am doing wrong above? Regards, Graham --

2 1

Importing certificates during setup-ds.pl - is this possible?
by Graham Leggett 24 Dec '12

24 Dec '12

Hi all, I am currently trying to script the setup of a directory using the ConfigFile entry within an INF file, and so far I've hit a snag. In order to enable SSL on the directory, first I must use certutil to import the certificate to be used, otherwise the attempt to add the cn=RSA,cn=encryption,cn=config entry fails saying "No such object". If I set up the directory, then manually add the certificates, then manually enable SSL by adding the cn=RSA,cn=encryption,cn=config entry (and various other SSL related configs), it seems to work fine. Is there some way of getting setup-ds.pl to import a given certificate (p12 file, whatever) when the server is set up, in addition to creating the initial certificate database within /etc/dirsrv/slapd-INSTANCE/? Regards, Graham --

3 5

migrate PDC with Samba3+389ds to SAMBA AD DC (samba4)
by Maurizio Marini 24 Dec '12

24 Dec '12

I would migrate a PDC with Samba3+389ds Domain to SAMBA AD DC (samba4). But, to use classic-upgrade tool i need to slapcat ldap tree. https://wiki.samba.org/index.php/Samba4/samba3upgrade/HOWTO # slapcat > backup.ldif can i use this command to get ldif file: /usr/lib/dirsrv/slapd-pdc/db2ldif -n userRoot is it ok with classic-upgrade? someone did it? brgds m.

1 0

Bind localhost to 389, external IP to 636, fails with Local Network address is in use
by Graham Leggett 24 Dec '12

24 Dec '12

1 0

Nested groups ldap to PAM
by Deas, Jim 21 Dec '12

21 Dec '12

I am about to upgrade our systems to the current version. One of my difficulty's in the old version was the lack of nested groups. Is there a way with the current software to create nested groups in openldap that will be seen properly by the linux PAM module and Mac OSX? Regards, JD

3 6

console X11 issue
by Doug Tucker 20 Dec '12

20 Dec '12

I got it installed with the epel. Thanks to Rich for that! Doing an ldapsearch on the base works, yea! I cannot launch the console though. When I try I get this: /usr/bin/389-console -a http://localhost:9830 Exception in thread "main" java.awt.HeadlessException: No X11 DISPLAY variable was set, but this program performed an operation which requires it. at java.awt.GraphicsEnvironment.checkHeadless(GraphicsEnvironment.java:173) at java.awt.Window.<init>(Window.java:477) at java.awt.Frame.<init>(Frame.java:419) at java.awt.Frame.<init>(Frame.java:384) at javax.swing.JFrame.<init>(JFrame.java:174) at com.netscape.management.client.console.Console.<init>(Unknown Source) at com.netscape.management.client.console.Console.main(Unknown Source) Googling reveals people not passing X through their ssh session. I am by ssh -X hostname. I have tried from 2 different X clients and get the same results. Any ideas? -- Sincerely, Doug Tucker

2 2

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

389-users December 2012