Darren Fulton wrote:
On Wed, 2005-07-13 at 10:07 +0300, Vesko wrote:
Adam Stokes wrote:
There is no need for the /etc/group file to have those entries in it
because Samba will map the entires from the ldap server.
So remove the entries in /etc/group, import the ldif
from
You need to install the krb5-devel package.
Jason Kullo Sam wrote:
Ok, got through all that, now onto building the DS source(again...but
RIGHT this time).
I get the feeling
I input this
cd ldapserver/ ; gmake USE_PERL_FROM_PATH=1
BUILD_DEBUG=optimize
This sounds like a known issue with the JVM that Admin Server uses
crashing with JIT enabled.
Re-run your installation, but set the environment variable
JAVA_COMPILER=none first. That will diable JIT and should get you
through the install. When the install is complete, edit the FDS
install
Dean Jones wrote:
Hey everyone,
I have setup winsync between FDS and AD and just want to clarify a few
points that i can't find in the docs or older posts..
1. Passwords. They do not appear to be syncing either direction but i
don't have SSL enabled. my guess is that this is normal?
Kevin M. Myer wrote:
Nathan,
I'm not sure if it matters what directory the agent is invoked from
but the results are the same, if invoked with a full path, or if
already in the bin/slapd/server directory:
# cat /opt/fedora-ds/slapd-instance/config/ldap-agent.conf
server
Aly Dharshi wrote:
Hello All,
I hope that you are well. Please forgive me if this is an out
there question, with some of the changes that I read below in
Richard's annoucement, how well will FDS 1.0 play with Sun's DS 5.x ?
Anybody with any thoughts on this ? I am referring to
Hartmut Wöhrle wrote:
Hell Elliot,
Am Dienstag, 29. November 2005 21:27 schrieb Elliot Schlegelmilch:
I'm a bit confused now. Which password, or which actual? You can
ldapsearch using the uid=admin,ou=system account and correct password.
correct password thats exactly my problem. I
FDS 7.1 included the IBM JVM. FDS 1.0 does not include a JVM. To use
Console you need either the 14.2 Sun or IBM JVM on your system with
JAVA_HOME set appropriately.
-NGK
Brian Zuromski wrote:
After upgrading I keep getting this when starting the console...
./startconsole -u admin -a
Craig White wrote:
I can start the console and I get a window asking me to log in but the
login window is never presented.
# cat /etc/profile.d/java.sh
JREHOME=/usr/java/jre1.5.0_06/lib/i386
JAVA_HOME=/usr/java/jre1.5.0_06
JAVAWSHOME=/usr/java/jre1.5.0_06/javaws
[EMAIL PROTECTED] wrote:
Hallo everyone,
so now the Winsync from NT4 PDC - FDS works fine (thanks to all)
And now the next step gives me a problem.
I do the Password sync without SSL connection (only one problem at a time).
The PassSync service requires SSL. If you take a look at the
Hartmut Wöhrle wrote:
Am Mittwoch, 7. Dezember 2005 15:17 schrieb Nathan Kinder:
[EMAIL PROTECTED] wrote:
Hallo everyone,
so now the Winsync from NT4 PDC - FDS works fine (thanks to all)
And now the next step gives me a problem.
I do the Password sync without SSL connection (only
Michael Montgomery wrote:
On Fri, 2005-12-16 at 11:22 -0700, Craig White wrote:
On Fri, 2005-12-16 at 12:02 -0600, Michael Montgomery wrote:
Ok, this is just great. I've locked myself out of the admin server now,
and no ips can connect. So... I'll try the admconfig tool mentioned in
Jo,
I'm expecting to check in code for this in the next few days, so don't
worry about it. Thanks for offering to help with it though!
Are there any specific password complexity requirements that you could
share with us? I'd like to make sure I'm writing something useful to as
many
Jo De Troy wrote:
Hi Nathan, Richard,
I was thinking along the lines of pam_passwdqc, well part of it.
The password should contain at least 3 different character categories.
The categories being: lowercase, uppercase, special characters and numbers
Yes, I'm working on implementing this. The
Fabio Gomes wrote:
Hi list,
Is there a searchable archive for this mailing list?
There are archives available for online browsing as well as downloading at:
https://www.redhat.com/archives/fedora-directory-users
There is not an online search capability.
-NGK
I don't
Alex wrote:
# ls /usr/lib/jvm/java-1.4.2-ibm-1.4.2.2
bin include jre lib
So I set JAVA_HOME:
JAVA_HOME=/usr/lib/jvm/java-1.4.2-ibm-1.4.2.2 ; export JAVA_HOME
Then I can run startconsole
Ok, for test...
- I've unistalled jre-1.4.2 and downloaded and installed
Jim Summers wrote:
Hello All,
I was modifying the value of an attribute, automountInformation in
this instance. The modify works as expected, but when I use
ldapsearch to dump the entry containing the new value it seems to
truncate it at 78 characters, that is (attribute name + attribute
Bliss, Aaron wrote:
I have 1 more question; looking at the new password policy options, what
is the difference between required special characters and required alpha
characters? Are alpha characters integers and special characters keys
such as #$% Thanks again.
Alphas are letters only.
Susan wrote:
--- Alex aka Magobin [EMAIL PROTECTED] wrote:
On gio, 2006-03-23 at 08:43 -0800, Susan wrote:
This is what I did to get ssl repl working:
1. generate a single CA certificate and use that to sign both the supplier and
consumer
certificates. Each server doesn't need its
Brian Moyles wrote:
We're in the process of evaluating FDS, but have run into a small problem.
I'm forwarding X from the server back to my OS X box running Apple's X11.
When I run startconsole, I get a half-drawn login window. I've tried a few
different jvms from different vendors, no luck.
Vsevolod (Simon) Ilyushchenko wrote:
Hi,
I've noticed that FDS is significantly slower in answering queries
than openldap. If I run 'ls -l /home' on the list of 64 home
directories whose owners are all different, I get the list back in 1
second if I use openldap. Version 7 of FDS took 16
Fedora Directory Server 1.0.2 is now available for Fedora Core 5 x86 and
x86_64!
You can download the Fedora Directory Server 1.0.2 RPMs from the
download page:
http://directory.fedora.redhat.com/wiki/Download
For general information on Fedora Directory Server 1.0.2, please see the
the
Espen A. Stefansen wrote:
Hi
I'm a new user to FDS, so I've got some problems getting it to work. I'm
trying to sync our Active Directory over to FDS. Unfortunately it
doesn't work, so hopefully someone can give me some pointers.
I've been looking through the wiki and the manuals, but i
Jeff Gamsby wrote:
Thanks for everyone's help to get my FDS server running in SSL mode.
I have another problem:
I'm trying to setup PassSync, and I have got to the point whwre I can run
ldapsearch over SSL to talk to AD.
I'm trying to setup the sync agreement but cannot change the suppliers
Jeff Gamsby wrote:
Jeff Gamsby
Center for X-Ray Optics
Lawrence Berkeley National Laboratory
(510) 486-7783
Richard Megginson wrote:
Jeff Gamsby wrote:
Jeff Gamsby
Center for X-Ray Optics
Lawrence Berkeley National Laboratory
(510) 486-7783
Richard Megginson wrote:
Jeff Gamsby wrote:
Jeff Gamsby wrote:
I think that you are getting hung up on a display issue. The
supplier is just listed as a string to identify the instance. The
synchronization is always[*] initiated from the FDS side, so as long
as you are trying to connect to AD via SSL, everything will be
Philip Kime wrote:
My knowledge of SNMP is only fair, bear with me ...
I've set up the subagent for SNMP monitoring and can snmpwalk the rhds
stuff, with the output below. I have a few questions though:
1. what is the .389 suffix on the variables? Looks like the port
number of the server?
Philip Kime wrote:
The AgentX subagent config file is supposed to take a config line
agentx-logdir
The correct configuration parameter is agent-logdir. There is a typo
in the documentation where it incorrectly refers to it as
agentx-logdir. I will get this updated in the documentation.
Brian Moyles wrote:
I've got 2 machines in multimaster replication across a WAN link. I'm
replicating our root suffix (userRoot) successfully. I'm storing
o=NetscapeRoot on box01 right now, and want to replicate that to 02 (using
2-way multimaster) and have 02 use its local copy so I have
Sergey Ivanov wrote:
Hi,
I'd like to restrict ns-slapd to listen to LAN. It is installed at the
computer having 2 interfaces, pointing to WAN and LAN. Are there some
way to bind ns-slapd to listen for one of these 2 IPs, not to 0.0.0.0?
You can use the nsslapd-listenhost configuration
Hai Zaar wrote:
Dear list!
I'm using FDS-1.0.2 together with Heimdal Kerberos as NIS replacement.
I having rather strange problem with SASL.
I have two posixGroups. The first is
cn=peopleGroup,ou=people,dc=example,dc=com and the other is
cn=testGroup,ou=Groups,dc=example,dc=com
testGroup is
Dick Steflik wrote:
All,
I'm trying to run FDS for a class I teach, I have previously used the
Netscape Directory Server on NT but the hard drive on that machine
went belly up this last summer. I decided that Linux would be the way
to go for a replacement machine. Anyway, I downloaded the
Howard Chu wrote:
Date: Wed, 25 Oct 2006 14:40:45 -0700
From: George Holbert [EMAIL PROTECTED]
Last time I looked at this, I vaguely recall finding that pam_ldap
doesn't pay too much attention to FDS password metadata for
expiration warnings or strength restrictions. So what you're seeing
Jeff Gamsby wrote:
Jeff Gamsby wrote:
I came across this problem today.
When changing passwords from the Fedora console, it works and syncs
across to AD.
When changing passwords using 'passwd', it does not sync until
pam_password is changed to ssha in ldap.conf. Then it syncs fine.
When
Bliss, Aaron wrote:
Hi everyone,
I'm attempting to get password synchronization to work between fds and
active directory; per the following document
_http://directory.fedora.redhat.com/wiki/Howto:WindowsSync#Test_to_make_sure_you_can_talk_SSL_from_Fedora_Directory_to_AD_
, I now have my AD
Bliss, Aaron wrote:
I'm a little confused here; what is the purpose of the passsync service
(I've successfully created a replication agreement over ssl via fds and
ad). Thanks again.
The PassSync service is only responsible for sending password changes
initiated on the AD side to FDS. Any
with a new cookie to use next time. You can think
of this as pull-style replication in the AD-FDS direction. FDS pushes
it's changes to AD while pulling changes from AD to itself.
-NGK
Aaron
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Nathan
Kinder
Philip Kime wrote:
Hmm - If I enable password syntax checking globally, it works -
ldappasswd applies the policy and so does PAM via pam_ldap. If it's a
local policy on a subtree or user, it doesn't? I have checked and the
cn=config nsslapd-pwpolicy-local is set to on so it should be
applying
Philip Kime wrote:
Yes. The global setting must be enabled to use any sort of password
syntax checking. You can then override it at the subtree or user
level.
Hmm, doesn't seem to make any difference - I enabled password syntax
checking at the global level and it works, if I try to
Philip Kime wrote:
On the same panel where the global option is, there is a checkbox for
enabling file-
grained policies. The server will not enforce fine-grained policies
unless this box is checked.
Yes, this is turned on. We are talking about the same place I hope - the
Richard Megginson wrote:
Nicholas Byrne wrote:
Firstly, thanks for your help. Responding inline below -
Richard Megginson wrote:
Nicholas Byrne wrote:
Hi,
With FDS 1.0.2, I've followed the configuration howto guide lines
to setup the Directory Server to use SSL (as per my post a few days
Stephen C. Rigler wrote:
Is it possible to specify different types of password encryption on a
subtree level from the that which is specified in the global policy?
Using 1.0.4, it seems that if I specify crypt on the global level,
specifying sha on a subtree level has no affect on the hashing
Mikael Kermorgant wrote:
Hello,
This night, FDS (1.0.2) refused to start after backup. I found this in
the logs :
[06/Feb/2007:22:04:39 +0100] - slapd stopped.
Fedora-Directory/1.0.2 B2006.060.1951
host:389 (/opt/fedora-ds/slapd-supann)
[06/Feb/2007:22:04:51 +0100] dse - The
[EMAIL PROTECTED] wrote:
I thought I was smart until I dove into LDAP. I am the sole part-time IT
Manager for a charter school (240 students, 20 staff, 60 computers) and
am migrating away from a Windows server environment to Linux. The only
services that are being provided by a Windows server
Scott Ackerman wrote:
Thanks Nathan, but where did I miss that in the how-to?
It appears to be missing from the how-to (some of the how-to's do make
reference to nss_ldap being required though).
Nathan Kinder wrote:
[EMAIL PROTECTED] wrote:
I thought I was smart until I dove
Philip Kime wrote:
FDS 1.0.2 and suddenly today three out of four servers segfaulted (at
different times) with this identical dump message:
Feb 14 19:40:17 hqldap01 kernel: ns-slapd[2432]: segfault at
0008 rip 00411b6f rsp 404520c8 error 4
syslog also had a lot of
Alexandre Augusto da Rocha wrote:
This is not true. You don't need SSL if AD will be a true slave. SLL
is only required if you want to allow users to change their passwords
on AD and have that propagated to FDS.
Not exactly. You need SSL to allow passwords to be synchronized in
either
Dennis Crissman wrote:
I am experimenting with Fedora Directory Server and trying to hook up
PassSync to synchronize with Active Directory. I have found a walk
through on how to set this up
(http://directory.fedoraproject.org/wiki/Howto:WindowsSync#Configuring_PassSync),
but it seems to
Chris Halstead wrote:
userPassword has no value at all.
Are you searching as cn=Directory Manager when you check for userPassword?
-chris
Richard Megginson wrote:
Do you have two values for the userPassword attribute in your entry?
--
Fedora-directory-users mailing list
the console? A second value
for userPassword is getting added instead of doing a replace of the
existing password for some reason.
-NGK
When I reset the password using PAM-enabled passwd there is only one.
-chris
Nathan Kinder wrote:
Chris Halstead wrote:
userPassword has no value at all.
Are you
James wrote:
Hi All,
I have a set of directory servers with multi-master replicaiton. On one of
the two master servers, I see this log:
[25/Mar/2008:14:26:42 -0400] NSMMReplicationPlugin - conn=5 op=6
csn=47cec17c:
Can't created glue entry
=com. Try doing
this search instead:
ldapsearch -b ou=people,dc=soleocommunications,dc=com -s one
uid=soleotester
-NGK
Thanks
~James
On Tuesday 25 March 2008 14:46:56 Nathan Kinder wrote:
James wrote:
Hi All,
I have a set of directory servers with multi-master replicaiton
Luigi Santangelo wrote:
Hi everybody, this is my problem:
I configured my Fedora DS and now I can sync the LDAP's users with
Windows 2003 Active Directory. Then, I created a new user with this
code ldif
dn: uid=red,ou=Other,ou=Students,ou=People,dc=x,dc=xx
givenName: red
sn: red
Eric Brown wrote:
I have been trying to get the Password Syntax Checking working with
FDS 1.0.4 and am having some trouble with the passwords that it is
allowing and the ones that are returning invalid syntax.
I started by setting the password policy the way I thought I wanted to
use for my
Wolf Siedler wrote:
So let me describe the setup:
I have a server (RHEL 5.1) running Fedora Directory Server and Fedora
Admin Server. It used to be Fedora-DS 1.0.4 (installed from rpm). A
few days ago, I upgraded Fedora-DS to 1.1. For the upgrade procedure,
I followed the instructions on the
Michael Brown wrote:
Hello All
Can anyone point me to load generation tools specific to LDAP? Do
they even exist? I'm working with an RHDS customer (currently RHDS
7.1sp3, hopefully moving to sp6 soon, or RHDS 8) with large attribute
requirements (some attributes 25-30 Mbytes) who wants
Edward Capriolo wrote:
If you take a look at openldap it has dyamic 'overlays' .
http://www.openldap.org/doc/admin24/overlays.html#Dynamic%20Lists.
The main jist of it is that an LDAP Query can be saved in an object.
This is similar in my mind to an SQL View.
So nss_ldap would referece a
Kashif Ali wrote:
Hello All,
After spending a long weekend, configuring Fedora-DS to have central
autentication + Central home dirs, I now have two issues which I would
like to know if anyone can help me with.
1) Currently when adding a new user, I have to manually goto advanced
options
Edward Konetzko wrote:
Sorry if this already posted, I seem to be having trouble with email
today.
I have read the following pages and cannot exactly figure out how to
do what I want.
http://directory.fedoraproject.org/wiki/DNA_Plugin
dima vasiletc wrote:
Hello
When i try start dirsrv i have error
Failed to delete old semaphore for stats file
(/var/run/dirsrv/slapd-MY-DOMAIN-COM.stats). Error 13 (Permission
denied).
Note that this is referring to a semaphore that coordinates access to
the stats file, not the stats file
dima vasiletc wrote:
On 06/15/2009 08:08 PM, Nathan Kinder wrote:
dima vasiletc wrote:
Hello
When i try start dirsrv i have error
Failed to delete old semaphore for stats file
(/var/run/dirsrv/slapd-MY-DOMAIN-COM.stats). Error 13 (Permission
denied).
Note that this is referring
Dumbo Q wrote:
Erg.I thought I had it but it's something is blocking me from
doing this update. Can anyone help me find where my constraint is?
snip
[r...@rhds ~]# ldapmodify -x -W -D cn=DirectoryManager
dn: cn=testy,ou=users,ou=people,dc=mydomain,dc=com
changetype: modify
newRDN:
deleteOldRDN: 0.
*From:* Nathan Kinder nkin...@redhat.com
*To:* General discussion list for the 389 Directory server project.
fedora-directory-users@redhat.com
*Sent:* Monday, June 22, 2009 4:30:53 PM
*Subject:* Re: [389-users
On 07/09/2009 07:19 AM, Prashanth Sundaram wrote:
Dear fellow Fedora DS users and experts,
I am working on this new project where there is a two step process. We are
currently using a poorly managed OpenLDAP server for over 3 years and
planning to migrate to Fedora DS.
Scenario:
On 07/09/2009 09:35 AM, Prashanth Sundaram wrote:
Elaborating the Qs:
Question1:Since we have an existing LDAP server(OpenLDAP) and users were
logging in to other dev, prod and testing servers using the passwords
managed by this OpenLDAP server. I believe the way the member servers
remember the
On 07/13/2009 10:13 AM, Prashanth Sundaram wrote:
Hi,
Is it possible to have Fedora DS and have the password lookup
redirected to Active Directory? Some kind of proxy lookup. Take the
case of Mac OS X server and clients, they have Open Directory and the
password manager can authenticate
On 07/27/2009 01:55 PM, Randall Wood wrote:
The RedHat/FDS documentation suggests that FDS can use a dictionary of
unauthorized tokens in a password policy, although it does not seem
configurable.
Is there a dictionary that FDS uses, and is it possible to add words to
it if so desired?
That
On 08/05/2009 02:34 AM, Dharmin Mandalia wrote:
Hello
On my dir server, I am seeing lots of similar to below messages, how this
can be resolve so I don't see below error msg.. appreciate your help.
on dvfnds01 , is the supplier
# tail -f /var/log/dirsrv/slap-*/access
[05/Aug/2009:09:07:19
On 08/13/2009 05:12 PM, Edward Koko Konetzko wrote:
I am wonder if SNMP monitoring works in RHDS 8.1 if so I need some
help getting it working.
The docs I have been using are linked below
http://directory.fedoraproject.org/wiki/Howto:SNMPMonitoring
On 09/18/2009 08:10 AM, Kenneth Holter wrote:
Hi all.
I'm running Red Hat Directory Server 8.1.0, and are having some
problems with password syntax checking. When I don't enable the syntax
checking, everything works fine. But when I enable it it seems to
discard even pretty strong passwords.
On 11/10/2009 08:35 PM, John A. Sullivan III wrote:
Hello, all. I'm running CentOS Directory Server 8.1 on CentOS 5.4. For
some reason, the memberof plugin does not seem to be working on the
replica. My first suspicion is we have done something wrong but I
wonder if there is an error in the
On 11/18/2009 06:31 AM, Emmanuel BILLOT wrote:
Hi,
I used the logconv.pl utility to check our config, and it found a lot
of unindexed search.
In the access log file i found lines ::
[18/Nov/2009:15:27:28 +0100] conn=1565 op=10246 RESULT err=0 tag=101
nentries=132 etime=1 notes=U
On 12/01/2009 07:21 AM, Mitja Mihelic( wrote:
Hi!
I have set up SNMP on our server.
What platform are you on and what version of 389 are you using?
What does your configuration file look like for the ldap-agent
subagent? Did you configure it to communicate with snmpd via agentx?
Do
On 12/02/2009 05:47 AM, Sean Brady wrote:
OK, I see some helpful errors in the logs here:
linkedattrs-plugin - linked_attrs_parse_config_entry: The linkType
config setting is required for linked attribute pair cn=manager
link,cn=linked attributes,cn=plugins,cn=config.
[02/Dec/2009:06:19:24
On 12/03/2009 01:41 PM, Alan McKay wrote:
Hey folks,
The HOWTO refers to a script that is at the end of a dead link
http://directory.fedoraproject.org/wiki/Howto:MultiMasterReplication
And the Red Hat docs tell me to do something that causes an error.
On 12/03/2009 02:41 PM, Alan McKay wrote:
Well, I blew something.
http://www.redhat.com/docs/manuals/dir-server/8.1/admin/images/replagmt1.png
When I got to this point I did not see at the bottom the subtree
dc=example,dc=com I saw NetscapeRoot
Which means when I asked the other question
it), and access
control configuration of the master agent. Perhaps your community does
not have rights to see everything?
Mitja Mihelic wrote:
Nathan Kinder wrote:
On 12/01/2009 07:21 AM, Mitja Mihelic( wrote:
Hi!
I have set up SNMP on our server.
What platform
On 12/08/2009 09:09 AM, Rich Megginson wrote:
Andrey Ivanov wrote:
Hi,
2009/12/8 Rich Megginson rmegg...@redhat.com:
The 389 team is pleased to announce the availability of Release
Candidate 2 of version 1.2.5.
Well, this time the installation (compiled from sources) was ok. I've
also
78 matches
Mail list logo
