Problem browsing LDAP with Outlook
by Chris Bryant
When configuring Microsoft Outlook (not Outlook Express) to access an LDAP directory, there is an option to 'Enable Browsing (requires server support)'. If this option is chosen and the directory server supports it, then you should be able to open the LDAP address book and page up and down through the results. I have been unable to get this working properly with 389 DS.
When I try to browse from Outlook against the 389 DS directory, I am able to see the first page of results perfectly. However, if I move to the next page, only the first object returned will have any attributes included, and all of the rest of the objects in the page will have no attributes. I have a test perl script that duplicates this functionality as well.
I can get this to work properly with an older version of Netscape Directory Server, and I can get it working with OpenDS. Since 389 DS advertises support for the controls that are required for this to work, just like the other two servers, then I would expect it to work there also.
Has anyone out there gotten this to work with 389 DS? If so, can you share if there was anything special that you needed to do to get this to work? I'm trying to determine if this is a bug in the server, or if I'm just missing something in the configuration.
Thanks,
Chris
USA.NET
3 years, 1 month
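A reproducer for the browsing symptom described above, added here as an example (it is not the poster's perl script nor 389 DS code): it pages through the directory with the Server-Side Sort and Virtual List View controls that a browsing client sends, and flags entries that come back without attributes. It assumes python-ldap is installed; the server URL, base DN, bind DN and password are placeholders.

```python
"""Page an LDAP directory with SSS + VLV (the controls used for
'Enable Browsing') and report entries returned without attributes."""
# python-ldap is imported inside vlv_pages() so the pure check below
# can be used (and tested) without a server or the library present.


def entries_missing_attributes(page):
    """Return the DNs in a (dn, attrs) result page that carry no attributes.
    On a healthy server every entry on every page should have attributes."""
    return [dn for dn, attrs in page if dn is not None and not attrs]


def vlv_pages(url, base, bind_dn, bind_pw, page_size=10, sort_attr="cn",
              attrs=("cn", "mail"), max_pages=5):
    """Yield (offset, page) tuples, requesting each page the way a browsing
    client does: SSS orders the list, VLV selects a window at an offset."""
    import ldap
    from ldap.controls.sss import SSSRequestControl
    from ldap.controls.vlv import VLVRequestControl, VLVResponseControl

    conn = ldap.initialize(url)
    conn.simple_bind_s(bind_dn, bind_pw)
    offset, content_count, context_id = 1, 0, None  # VLV offsets are 1-based
    for _ in range(max_pages):
        sss = SSSRequestControl(True, [sort_attr])
        vlv = VLVRequestControl(True, before_count=0, after_count=page_size - 1,
                                offset=offset, content_count=content_count,
                                context_id=context_id)
        msgid = conn.search_ext(base, ldap.SCOPE_SUBTREE, "(objectClass=person)",
                                list(attrs), serverctrls=[sss, vlv])
        _, page, _, ctrls = conn.result3(msgid)
        yield offset, page
        # The VLV response carries the list size and a context cookie that
        # must be echoed back on the next page request.
        resp = [c for c in ctrls if c.controlType == VLVResponseControl.controlType]
        if not resp:
            break
        content_count, context_id = resp[0].content_count, resp[0].context_id
        offset += page_size
        if offset > content_count:
            break


if __name__ == "__main__":
    # Placeholder connection details; replace with your own instance.
    for off, page in vlv_pages("ldap://ldap.example.com", "dc=example,dc=com",
                               "cn=Directory Manager", "PLACEHOLDER-PASSWORD"):
        missing = entries_missing_attributes(page)
        print(f"offset {off}: {len(page)} entries, {len(missing)} without attributes")
```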
How to set up 389 client
by Chaudhari, Rohit K.
Hello everyone,
How do I set up a 389 LDAP client to authenticate users against a 389 LDAP server? I don't have a trusted certificate authority (CA) but will create self-signed CA that signs server certificates, and then put that self-signed CA as the trusted CA on the client side. Is there anything more specific or a guide on how to set this up out there? Thanks in advance.
Rohit
10 years, 8 months
Swap Master Hardware.
by Shardul Kerkar
Hi Folks,
I have recently been tasked with moving a single LDAP Master from a dying machine to a spanking new blade. After doing some research, it appears to me that the optimum way to do this will be installing a fresh instance of the application on the new server, importing the database and then recreating and reinitializing all the hubs and replicas. The problem I face is that this workplace has a humongous LDAP database with 3 mil+ entries. Re-initialization is taking up to 3 hours in some cases. With 5 hubs and 20 replicas to reinitialize, the downtime is unacceptable to the client.
If I stop writes to the Master, then export the database to the new box and recreate the New-Master-Hub replication after removing the old Master, will I still need to re-initialize the hubs? Is there any way to do this swap without reinitializing, or of fooling the hubs and reps into thinking that they are still talking to the same Master, albeit on a new machine (same IP address/DNS)?
The client is still using ver. 1.1.2 on CentOS 5.4.
Thanks,
Shar Ker
10 years, 8 months
Bind localhost to 389, external IP to 636, fails with Local Network address is in use
by Graham Leggett
Hi all,
After updating the directory as follows in order to make 389ds listen to localhost:389 and external.ip.address:636 (with SSL), the server refuses to start complaining as follows:
[22/Dec/2012:09:32:26 +0000] createprlistensockets - PR_Bind() on 172.20.10.6 port 636 failed: Netscape Portable Runtime error -5982 (Local Network address is in use.)
I have checked, nothing is listening to port 636 before the server restart, so the most likely explanation is that 389ds is trying to bind to port 636 twice, and failing on the second go.
# set the IP address for unencrypted access
dn: cn=config
changetype: modify
replace: nsslapd-listenhost
nsslapd-listenhost: 127.0.0.1
# set the IP address for encrypted access
dn: cn=config
changetype: modify
replace: nsslapd-securelistenhost
nsslapd-securelistenhost: 172.20.10.6
Can anyone point out what I am doing wrong above?
Regards,
Graham
--
10 years, 9 months
Importing certificates during setup-ds.pl - is this possible?
by Graham Leggett
Hi all,
I am currently trying to script the setup of a directory using the ConfigFile entry within an INF file, and so far I've hit a snag.
In order to enable SSL on the directory, first I must use certutil to import the certificate to be used, otherwise the attempt to add the cn=RSA,cn=encryption,cn=config entry fails saying "No such object". If I set up the directory, then manually add the certificates, then manually enable SSL by adding the cn=RSA,cn=encryption,cn=config entry (and various other SSL related configs), it seems to work fine.
Is there some way of getting setup-ds.pl to import a given certificate (p12 file, whatever) when the server is set up, in addition to creating the initial certificate database within /etc/dirsrv/slapd-INSTANCE/?
Regards,
Graham
--
10 years, 9 months
Nested groups ldap to PAM
by Deas, Jim
I am about to upgrade our systems to the current version. One of my difficulties in the old version was the lack of nested groups.
Is there a way with the current software to create nested groups in openldap that will be seen properly by the Linux PAM module and Mac OS X?
Regards,
JD
10 years, 9 months
console X11 issue
by Doug Tucker
I got it installed with the epel. Thanks to Rich for that! Doing an ldapsearch on the base works, yea! I cannot launch the console though. When I try I get this:
/usr/bin/389-console -a http://localhost:9830
Exception in thread "main" java.awt.HeadlessException:
No X11 DISPLAY variable was set, but this program performed an operation which requires it.
at java.awt.GraphicsEnvironment.checkHeadless(GraphicsEnvironment.java:173)
at java.awt.Window.<init>(Window.java:477)
at java.awt.Frame.<init>(Frame.java:419)
at java.awt.Frame.<init>(Frame.java:384)
at javax.swing.JFrame.<init>(JFrame.java:174)
at com.netscape.management.client.console.Console.<init>(Unknown Source)
at com.netscape.management.client.console.Console.main(Unknown Source)
Googling reveals people not passing X through their ssh session. I am connecting by ssh -X hostname. I have tried from 2 different X clients and get the same results. Any ideas?
--
Sincerely,
Doug Tucker
10 years, 9 months