FDS User Folks,
I have written a script to help to create a startconsole.bat.
You have to run this script at RedHat server, it expects a startconsole.txt
which is the output of RedHat startconsole -D command, and it generates
startconsole.bat.
You should edit /opt/fedora-ds in this script to
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tay, Gary
Sent: Thursday, July 07, 2005 11:53 AM
To: Sam Tran; General discussion list for the Fedora Directory server project.
Subject: **Caution-External**: RE: [Fedora-directory-users] Open-source
Management
I use FDS 7.1, which comes with IBM JRE 1.4.2, on my 128MB RAM, PIII RHEL4 PC to
run TWO startconsole sessions, ONE from local console, THE OTHER from
a Windows XP PC using VNC viewer over SSH (PuTTY), I have around 200
dn: entries in LDAP DIT.
I did not experience any slowness in BOTH X Windows
You wrote:
===
Later, when you start the server on the command line,
this second password is required.
===
I suspect something was not done properly, I may not wrong.
If the slapd-`hostname`-pin.txt has been setup correctly, ./start-slapd
will NOT prompt you for any SSL Security DB private key
IIRC the two .schema files in my OpenLDAP HOW-TO is actually equivalent
to the 99user.ldif (residing in
$LDAP_ROOT/slapd-`hostname`/config/schema) file provided by SUN ONE
DS5.2, i.e.
DUAConfigProfile.schema + solaris.schema = 99user.ldif.
So if there is an existing Solaris8/9 DS5.2 server,
out if you are using Solaris10.
http://docs.sun.com/app/docs/doc/816-4556/6maort2te?a=view
Have fun and good luck!
Rgds
Gary
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tay,
Gary
Sent: Friday, July 15, 2005 12:39 PM
To: General discussion list
Sorry, one correction on the content of /var/ldap/ldap_client_cred.
NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=example,dc=com
NS_LDAP_BINDPASSWD= {NS1}ecfa88f3a945c411
-Original Message-
From: Tay, Gary
Sent: Friday, July 15, 2005 7:53 PM
To: 'General discussion list for the Fedora
Leon wrote:
===
if i use ldapsearch -x -Z '(uid=Administrator)' i get the right entry,
i suppose the same entry found with the other command:
[EMAIL PROTECTED] ~]# ldapsearch -x -Z
'(uid=Administrator)'
ldap_start_tls: Protocol error (2)
additional info: unsupported
Adam,
I suggest you put a notice at http://people.redhat.com/astokes/samba_rhds.html
advising readers of this page that your latest updates can be found at
http://directory.fedora.redhat.com/wiki/Howto:Samba .
Rgds
Gary
-Original
I have seen those messages, they are gone after applying LDAP patch, did
you apply OS and LDAP patches?
The starting point to configure Solaris8 or Solaris9 Native LDAP
Clients, against any type of LDAP Servers, be it FDS, OpenLDAP or SUN
ONE, is the SAME:
To apply latest OS kernel patch and
I have successfully configured Solaris8 Native LDAP Client to work
against FDS7.1. Below is what I have experienced and observed.
It appears to me that 108993-48 LDAP patch breaks the ldapclient -P
command.
1) The ldapclient -P ... command line which downloads LDAP profile
from LDAP
To achieve the same result of this:
===
import:
--
dn: cn=config
changetype: modify
replace: passwordstoragescheme
passwordstoragescheme: CRYPT
--
===
You could simply go into FDS7.1 admin server, open directory server,
click config (XXX
0) As mentioned in previous email, use ldapclient -i, not ldapclient
-P.
Make sure you have the following TWO ACLs assigned to the baseDN,
dc=comosers,dc=foo,dc=com, actually FIRST ONE is needed, SECOND ONE is
to secure naming service.
Note that these two ACLs are NOT my creation, they exist in
Tell us what is in setup/setup.log.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of gokul
nath
Sent: Thursday, August 25, 2005 1:17 PM
To: fedora-directory-users@redhat.com
Subject: [Fedora-directory-users] Unable to login to
interface..HELP!
You wrote:
===
after configuring all the details.
===
Pls provide all the details.
Gary
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tay,
Gary
Sent: Thursday, August 25, 2005 1:19 PM
To: General discussion list for the Fedora Directory server project
Thanks for the info, I did say USED TO WORK VERY WELL.
I remembered it worked for me once or twice for a default profile
using simple bind, after that when I tried to enhance it to TLS
profile using tls:simple bind, it started to sing song. Again I wish
you could prove me wrong the next moment.
^Patch: 108993-48
Patch: 108993-48 Obsoletes: 108827-40, 108991-18, 109322-09, 109461-03,
111641-0
[...]
--- Tay, Gary [EMAIL PROTECTED] wrote:
0) As mentioned in previous email, use ldapclient -i, not
ldapclient
-P
for the Fedora Directory server project.
Cc:
Subject: RE: [Fedora-directory-users] getting solaris 8 to talk to FDS
--- Tay, Gary [EMAIL PROTECTED] wrote:
I think you should put objectclass=* (search filter) at the end, see
man
project.
Cc:
Subject: RE: [Fedora-directory-users] getting solaris 8 to talk to FDS
This is gonna be lng... I just want to thank you guys again for
wading thru this
crap...
--- Tay, Gary [EMAIL PROTECTED] wrote:
===
Do you still think
listening on :: port 22.
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: fd 5 clearing O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 10
--- Tay, Gary [EMAIL PROTECTED] wrote:
What
==
well, I decided to turn off the nscd completely, while I'm testing.
==
GT: Pls run nscd, without it LDAP name service may not work, after running
nscd, check if id testdba shows the expected result, you may add debug
keyword to all lines in /etc/pam.conf to observe all possible
===
The system is using dhcp, btw. Could that be the problem?
===
GT: I do not think it is logical to run an OpenSSH Server on a DHCP
Client with possibly varying IP address, please use Static IP.
==
I dont have SSD attributes. 99user.ldif is in the schema directory but
none of those attributes
Yes it would be a superset containing schema definitions of
DUAConfigProfile and nisDomain attributes and objectclasses, ONLY if you
have run idsconfig. When I first tried configuring Solaris8 LDAP
Client against FDS I copied over the 99user.ldif from SUN iDS install,
and it actually worked.
BUT
Assuming you are using posixGroup objectclass and memberUid attribute to
store your membership information, you may find my shell script useful
and handy.
It works on Solaris LDAP Client with ldapaddent and ldaplist
commands, and works against FDS, SUN DS or OpenLDAP.
#! /bin/sh
#
#
While trying it against SUN ONE DS5.2, it actually worked, and below are the
lessons learned:
0) Make sure Solaris8 Native LDAP Client has latest kernel and LDAP Patch
108993-49.
1) Did you change this ACL? this is a workaround to make pam_ldap work with
account management.
In FDS, open
I believe the ACL and another one, see related post, are added by SUN DS5.2
idsconfig command (iPlanet Directory Server Config), since FDS7.1 does not
provide this command, these two ACLs do not exist, you could simply add them in
at the dc=example,dc=com (defaultSearchBase) level, using copy
FDS is very similar to SUN ONE DS5.2, I think netgroup ([EMAIL PROTECTED]XXX
in /etc/passwd and /etc/shadow and "compat" keyword in /etc/nsswitch.conf) LDAP
maps could be setup to achieve what you want, it has been used by many DS5.2
administrators
See:
Pls take a look at:
OpenSSH LDAP Public Key Patch
http://www.opendarwin.org/projects/openssh-lpk/
If you have success installing and using it, pls share with us later.
Gary
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jimmy
Sent: Tuesday, December
Title: Are these messages in errors log critical?
I have managed to set up the SSL config and started slapd. The following appear in the errors log; may I know if they are critical errors?
Gary
[12/Apr/2006:05:58:12 -0400] - Fedora-Directory/1.0.2 B2006.060.1925 starting up
[12/Apr/2006:05:58:12
Title: Automated script for complementing SSL HowTo
FDS Folks,
I wrote this script for the benefit of all.
Gary
Content of cr_ssl_certs_fds1ldap.sh
#! /bin/sh
#
# cr_ssl_certs_fds1ldap.sh
#
# 1) Make sure 'root' is used to run this script
# 2) Make sure /home/ldap/dirmgr.pwd
Title: Another one-button script - rebuild_fds.sh
FDS Folks,
Another automated script from me.
Gary
#! /bin/sh
#
# rebuild_fds.sh - ReBuild Fedora Directory Server
#
# Gary Tay
#
# NOTE: This script will rebuild a FDS Server compatible with BOTH
# RedHat and Solaris LDAP Clients
I couldn't find setupssl.sh anywhere on the HowTo SSL link.
Anyway, I have written cr_ssl_certs.sh which works for both FDS and
SUN-ONE DS, and this script will create also the Admin Server SSL Cert
(the same as slapd), once you have used Admin Console to enable SSL for
Admin Server at Encryption
Sorry for being blind, I found the script at the very first This
word. Maybe This should be changed to This setupssl.sh, just to
help people like me.
Gary
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tay,
Gary
Sent: Thursday, April 20, 2006 4:46 PM
Version 2 of this script has been renamed cr_ssl_certs.sh and works for
both FDS and SUN-ONE DS, check it out at:
https://www.redhat.com/archives/fedora-directory-users/2006-April/msg00145.html
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
34 matches