Re: [389-users] X11 forwarding refused

2013-04-17 Thread Trey Dockendorf
On Apr 17, 2013 4:24 AM, "Aziza Lichir"  wrote:
>
> hello,
>
> I'm new to this project and I would like to know how to use DS-389
> without the graphical interface in CentOS 6.
>
> Thank you
> --
> Aziza Lichir
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users

I have had good experience with Apache Directory Studio for managing 389,
including cn=config.  Most of it still comes down to management via LDIFs,
but it has a built in IDE type editor for LDIF files which takes away some
of the painfulness.  I did use the 389 interface at first to see how it
created records so I could mimic the defaults.

I did not try doing the initial setup outside the 389 interface, but using
it via X11 forwarding worked well.

- Trey

[389-users] Issue creating new users on 389 DS running on Ubuntu Server 12.04

2013-04-17 Thread Andrei Wasylyk
I'm having a really weird issue where any new user I create in 389 DS is not 
able to browse the directory.

What I mean is that the user binds without any issue, but when you use any 
directory browser client the user sees nothing in the tree. Also, I've been 
collaborating with a few in house developers who are writing LDAP auth into 
their applications - and for both (Java and Perl using the LDAP libraries) they 
get the same behavior - they are able to bind but the directory is empty.

Now if you use any user account that was created before (maybe a week or two 
ago - I'm not sure) then everything succeeds without any issue.

Also, I have a replication consumer and if I connect to it with the new 
credential everything works fine as well.

Using Apache Directory Studio (it's mainly what I use for troubleshooting when 
389-console breaks) when I try to connect the error I get is:

"Missing schema location in RootDSE, using default schema"

Apparently it is referring to the subschemaSubentry attribute in the RootDSE - 
I can verify that it is there however and seems to be readable by all including 
anonymous.

If I use the JNDI provider for apacheDS then I get the same error followed by 4 
LDAP error 53s (unwilling to perform).

Any ideas? This is our production LDAP server and I'm getting a bit desperate. 
I have backups from every week and I'm considering just turning it back until 
the issue disappears - but it would forever trouble me not to figure out what 
happened and how to fix it in the future.

Thanks in advance for any input.

Andrei Wasylyk
Systems Analyst


Re: [389-users] X11 forwarding refused

2013-04-17 Thread Grzegorz Dwornicki
Winsync requires LDAPS for password sync. This domain user needs some
privileges in AD: modify, read and write on the synced subtree.

From the DS point of view you configure a normal user account for the needs of sync
with AD. This user doesn't need to be in your organization tree. You can
place him in cn=config. I usually create an account like cn=adsyncuser,cn=config
without objectclasses providing normal system account attributes.

Hope this helps you.
On 17 Apr 2013 16:40, "Aziza Lichir" wrote:

> Hey,
> Thanks for your quick answer. For the moment I installed the 389 console
> on a Windows XP machine and I want to know if I can replicate users from AD,
> knowing that I only use a normal user account and without activating LDAPS?
>
> thanks for your help
>
>
> Aziza
>
>

Re: [389-users] X11 forwarding refused

2013-04-17 Thread Grzegorz Dwornicki
It will be painful, but you can use the ldap* commands and write all actions in
LDIF syntax. Look in the Directory Server admin guide for more detailed
information about objectclasses and attributes.
On 17 Apr 2013 11:24, "Aziza Lichir" wrote:

> hello,
>
> I'm new to this project and I would like to know how to use DS-389 without
> the graphical interface in CentOS 6.
>
> Thank you
> --
> Aziza Lichir
>
>
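As an added example (not code from the list or from 389 DS itself) of the LDIF route described in the two messages above: a small Python generator that emits an RFC 2849 add record for the cn=adsyncuser,cn=config bind account, applying the base64 and line-folding rules that ldapadd expects. The objectClass set, the description text and the host name in the usage comment are assumptions for this example.

```python
import base64

# RFC 2849: a value is written as "attr:: <base64>" when it is not a SAFE-STRING:
# it begins with a space, ':' or '<', ends with a space, or contains NUL, CR, LF
# or any non-ASCII character. Everything else goes out as "attr: value".
def needs_base64(value):
    if not value:
        return False
    if value[0] in " :<" or value[-1] == " ":
        return True
    return any(ord(c) > 127 or c in "\0\r\n" for c in value)


def fold(line, width=76):
    """Fold one logical LDIF line; continuation lines start with a single space."""
    out = [line[:width]]
    rest = line[width:]
    while rest:
        out.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return out


def ldif_entry(dn, attrs):
    """Render an LDIF add record: the dn line, then one line per (name, value)."""
    lines = []
    for name, value in [("dn", dn)] + list(attrs):
        if needs_base64(value):
            encoded = base64.b64encode(value.encode("utf-8")).decode("ascii")
            line = "%s:: %s" % (name, encoded)
        else:
            line = "%s: %s" % (name, value)
        lines.extend(fold(line))
    return "\n".join(lines) + "\n"


def adsync_user_ldif(password):
    """Bind account for the winsync agreement, placed under cn=config as in the
    post. The objectClass set and description are assumptions for this example."""
    return ldif_entry("cn=adsyncuser,cn=config", [
        ("objectClass", "top"),
        ("objectClass", "person"),
        ("cn", "adsyncuser"),
        ("sn", "adsyncuser"),
        ("description", "Bind account used by the winsync agreement"),
        ("userPassword", password),
    ])


if __name__ == "__main__":
    # Load the output with the ldap* tools, e.g. (host name is a placeholder):
    #   ldapadd -H ldaps://ds.example.com -D "cn=Directory Manager" -W -f adsync.ldif
    # 389 DS hashes a clear-text userPassword on add with its default storage scheme.
    print(adsync_user_ldif("CHANGE-ME-constructed-sample"), end="")
```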

[389-users] X11 forwarding refused

2013-04-17 Thread Aziza Lichir
hello,

I'm new to this project and I would like to know how to use DS-389 without
the graphical interface in CentOS 6.

Thank you
--
Aziza Lichir

Re: [389-users] Can i use Same Certificate for all my ldap server

2013-04-17 Thread Petr Spacek

On 16.4.2013 23:10, Kyle Flavin wrote:

On Tue, Apr 16, 2013 at 2:04 PM, Rob Crittenden wrote:

expert alert wrote:

Hi
I am planning to deploy all my ldap servers by puppet.
So I am wondering, can I use the same server certificate and CA certificate
(Directory server) for all my servers?

If yes, then under which directory shall I place those certificates?

Although it is technically possible, it is not recommended.

All servers will share the same private key, so the chance that the key will 
be compromised is bigger - you need to transfer the key securely from one 
server to another etc.

Could you explain your use case? I'm curious :-)

--
Petr Spacek