Re: [389-users] Manual help step by step
Hello:

I have a document with the steps I followed but it is in Spanish. If you can wait a few hours I will post it translated into English, ok?

Kind regards,
Alberto Suárez.

تدريبك - دورات -شبكات - حاسبات wrote:

Dear friends,

Anyone can help me? I have installed the directory on CentOS. I want to make certs and install them on the server. I have tried many ways but none of them work. One way is with p12: when uploading the certificates, both appear in the server tab, even the CA. The other way is with openssl: in this case I can't upload the certificate on the server tab; it only appears on the CA tab.

Also I want some help setting ACLs. I want to have many admins, each of whom can control his own group, with no access to the other groups.

Many thanks in advance.

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

[389-users] winsync: differences between 1.2.11.15 and 1.3
Hi 389ers,

I have a lab scenario with one server running version 1.3 on Fedora 19. My production servers still use 1.2.11.15 and run on CentOS. I've created one-way sync agreements FROM Windows 2003, in both cases with the same params: windows sync user, windows host, ds subtree and windows subtree. But I've noticed that in version 1.3 sync does not work; all users are reported to be "out of scope" even when the same sAMAccountName/uid is found. Ex:

v1.3

"[18/Jul/2013:12:59:15 +0200] NSMMReplicationPlugin - agmt="cn=ad5" (ad5:389): windows_process_dirsync_entry: windows inbound entry CN= has the same name as local entry uid= but the windows entry is out of the scope of the sync subtree [dc=DOMAIN] - if you want these entries to be in sync, add the ntUser/ntGroup objectclass and required attributes to the local entry, and move the windows entry into scope"

v1.2.11.15

[18/Jul/2013:13:31:00 +0200] NSMMReplicationPlugin - agmt="cn=ad5" (ad5:389): map_entry_dn_inbound: looking for local entry matching AD entry [CN=]
[18/Jul/2013:13:31:00 +0200] NSMMReplicationPlugin - agmt="cn=ad5" (ad5:389): map_entry_dn_inbound: looking for local entry by guid [155e86afca9f2141af71624d7f55a44c]
[18/Jul/2013:13:31:00 +0200] NSMMReplicationPlugin - agmt="cn=ad5" (ad5:389): map_entry_dn_inbound: found local entry [uid=]

Sorry about the different timestamps, but the user under was the same in both cases. So, the same agreement in version 1.2.11.15 syncs the users (from Windows always) perfectly. I've deleted and recreated the agreements on both sides, just in case I misspelled something, but still the same results. What has changed, or better, where did I go wrong?

Regards!

--
Juan Carlos Camargo Carrillo.
@jcarloscamargo957-211157 ,650932877

Re: [389-users] Manual help step by step
Alberto,

I did mistake you for the person asking for help, sorry for the confusion.

Dan

On Jul 18, 2013, at 8:20 AM, Alberto Suárez asua...@gobiernodecanarias.org wrote:

Hi Dan,

I'm afraid there is a little misunderstanding here. I just offered my notes to the person asking for assistance in setting up 389. It is not me who is asking for help. I'm sorry if I caused any confusion with my answer to that request.

Thank you anyway...

Alberto.

Dan Lavu wrote:

Alberto,

I do not have the time to walk you through something like this; it'd be best if you stated what the error message is and the step you do not understand. You are not going to learn anything if I walk you through it, and it will not benefit you if you do not learn the software, assuming you are the administrator.

Dan

On Thu, Jul 18, 2013 at 4:39 AM, Alberto Suárez asua...@gobiernodecanarias.org wrote:

Hello:

I have a document with the steps I followed but it is in Spanish. If you can wait a few hours I will post it translated into English, ok?

Kind regards,
Alberto Suárez.

تدريبك - دورات -شبكات - حاسبات wrote:

Dear friends,

Anyone can help me? I have installed the directory on CentOS. I want to make certs and install them on the server. I have tried many ways but none of them work. One way is with p12: when uploading the certificates, both appear in the server tab, even the CA. The other way is with openssl: in this case I can't upload the certificate on the server tab; it only appears on the CA tab.

Also I want some help setting ACLs. I want to have many admins, each of whom can control his own group, with no access to the other groups.

Many thanks in advance.

Re: [389-users] Manual help step by step
Dear Alberto,

Please read this: we need to run multi-domain LDAP where each domain will have an admin group who can do everything and the user can change only passwords. We need to know how to write the ACL for such a scenario. Each domain will be represented by O=domain and then we will have ou=people and we will have the admin group under the groups. Each domain will have this structure.

Best regards,
Husam

-Original Message-
From: 389-users-boun...@lists.fedoraproject.org [mailto:389-users-boun...@lists.fedoraproject.org] On Behalf Of Alberto Suárez
Sent: Thursday, July 18, 2013 6:17 PM
To: General discussion list for the 389 Directory server project.
Subject: Re: [389-users] Manual help step by step

Hello,

please find attached my notes. Please bear in mind that these are the steps I followed to install 389 in CentOS 6.3. I have tried to document a procedure that works, but I cannot guarantee the instructions provided will work in your particular setup. Please do not hesitate to get back to me if you get lost with my document. I will try to help as much as I can.

Good luck.

تدريبك - دورات -شبكات - حاسبات wrote:

Dear friends,

Anyone can help me? I have installed the directory on CentOS. I want to make certs and install them on the server. I have tried many ways but none of them work. One way is with p12: when uploading the certificates, both appear in the server tab, even the CA. The other way is with openssl: in this case I can't upload the certificate on the server tab; it only appears on the CA tab.

Also I want some help setting ACLs. I want to have many admins, each of whom can control his own group, with no access to the other groups.

Many thanks in advance.

Re: [389-users] Manual help step by step
Dear Dan,

Please read this: we need to run multi-domain LDAP where each domain will have an admin group who can do everything and the user can change only passwords. We need to know how to write the ACL for such a scenario. Each domain will be represented by O=domain and then we will have ou=people and we will have the admin group under the groups. Each domain will have this structure.

Best regards,
Husam

From: 389-users-boun...@lists.fedoraproject.org [mailto:389-users-boun...@lists.fedoraproject.org] On Behalf Of Dan Lavu
Sent: Thursday, July 18, 2013 3:31 AM
To: 'General discussion list for the 389 Directory server project.'
Subject: Re: [389-users] Manual help step by step

There are plenty of step-by-step instructions to do what you are trying to do. You can refer to the Red Hat documentation or the 389 documentation.

http://directory.fedoraproject.org/wiki/Howto:SSL

Also, it is normal for the CA certificate to show up in the server tab if you generated the CA certificate on the LDAP server; any certificate with the private key in the database will appear as a server certificate. For example, when you export the CA and move it to a second server, it will not show up in the server tab then. In addition, when generating a CSR using the GUI (idm console) you must stick with it, because the CSR will create the key in the db. If you are pursuing the command line using certutil, you must convert the x509 certificates (three files usually: private, public and CA) into pkcs12 format.

Here is a link to understand and configure ACIs.

http://directory.fedoraproject.org/wiki/Howto:AccessControl

I hope this helps.

Dan

From: 389-users-boun...@lists.fedoraproject.org [mailto:389-users-boun...@lists.fedoraproject.org] On Behalf Of تدريبك - دورات -شبكات - حاسبات
Sent: Wednesday, July 17, 2013 7:38 PM
To: 389-users@lists.fedoraproject.org
Subject: [389-users] Manual help step by step

Dear friends,

Anyone can help me? I have installed the directory on CentOS. I want to make certs and install them on the server. I have tried many ways but none of them work. One way is with p12: when uploading the certificates, both appear in the server tab, even the CA. The other way is with openssl: in this case I can't upload the certificate on the server tab; it only appears on the CA tab.

Also I want some help setting ACLs. I want to have many admins, each of whom can control his own group, with no access to the other groups.

Many thanks in advance.
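
The per-domain layout asked about in this thread (an admin group with full rights inside its own domain, users limited to changing their own password), sketched as 389 Directory Server ACIs. This is an added example and not from any poster on the list; the domain names o=example.com and o=example.org, the group DN cn=admins,ou=groups and the ACI labels are assumptions.

```ldif
# Added example, constructed names throughout:
#   domains: o=example.com and o=example.org
#   admin group of each domain: cn=admins,ou=groups,<domain>
# Apply with ldapmodify, bound as Directory Manager.

# An ACI stored on o=example.com applies to that entry and its subtree only,
# so members of this group gain nothing under o=example.org.
dn: o=example.com
changetype: modify
add: aci
aci: (targetattr = "*")(version 3.0; acl "example.com admins full access"; allow (all) groupdn = "ldap:///cn=admins,ou=groups,o=example.com";)

# Ordinary users: write access to their own userPassword and nothing else.
dn: ou=people,o=example.com
changetype: modify
add: aci
aci: (targetattr = "userPassword")(version 3.0; acl "example.com self password change"; allow (write) userdn = "ldap:///self";)

# Second domain: the same two rules, each naming its own admin group.
dn: o=example.org
changetype: modify
add: aci
aci: (targetattr = "*")(version 3.0; acl "example.org admins full access"; allow (all) groupdn = "ldap:///cn=admins,ou=groups,o=example.org";)

dn: ou=people,o=example.org
changetype: modify
add: aci
aci: (targetattr = "userPassword")(version 3.0; acl "example.org self password change"; allow (write) userdn = "ldap:///self";)
```

Allow rules are cumulative, so the isolation holds only if no ACI on a shared parent entry, and no default self-write ACI, grants more than these rules intend.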