Hi guys,
yes, it's been sorted now.
The issue was the anonymous ACL; after I set it, all are fine.
Thanks again.
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
Hi Predrag
I just realized that from the server itself I can do a search without
providing BindDN and password.
But I can't do this from the client.
Example below from the server itself:
[root@puppet-1 slapd-puppet-1]# ldapsearch -xZZZ
# extended LDIF
#
# LDAPv3
# base (default) with scope subtree
# filter: (
Hi Arpit,
as you can see, when I am not defining any Cn=directory Manager +
password it's failing to show all the entries.
Below does not show any entries:
[root@test ~]# /usr/bin/ldapsearch -xZZ -b 'dc=fosiul,dc=lan'
-
# extended LDIF
#
# LDAPv3
# base with scope
Further to this:
As you can see, the below should give me the full entry, but it does not ..
[root@test ~]# /usr/bin/ldapsearch -xZZ -b 'dc=fosiul,dc=lan'
# extended LDIF
#
# LDAPv3
# base with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# search result
search: 3
result: 0 S
Hi,
Below is my /etc/openldap/ldap.conf
URI ldap://puppet-1.fosiul.lan/
BASE dc=fosiul,dc=lan
TLS_CACERTDIR /etc/openldap/cacerts
tls_cacertfile /etc/openldap/cacerts/CRT.crt
Don't I need to bind this cn=Directory manager with SSL/TLS search?
Something like this
Overview of Autobind and LDAP
Hi
Thanks for reply.
Anonymous bind looks on to me
from dse.ldif
nsslapd-allow-anonymous-access: on
Below is the result:
I get a result with this:
/usr/bin/ldapsearch -xZZ -D 'cn=Directory Manager' -w '' -b
'dc=fosiul,dc=lan'
But No result with :-
---
Hi All,
I refer to this question of mine
https://lists.fedoraproject.org/pipermail/389-users/2013-December/016572.html
I have set up Fedora 389 Directory Server to use SSL/TLS
and I can perform a search by using
/usr/bin/ldapsearch -xZZ -D 'cn=Directory Manager' -w 'x' -b
'dc=fosiul,dc=lan'
but
Hi
Thanks for the quick reply. I was thinking the same, that somewhere
it's missing the bind DN,
and I can confirm that it's working with defining
binddn and bindpw in ldap.conf
but,
I configured this before and I never had to define binddn and bindpw
anywhere in ldap.conf and as you said
Hi,
I need some help urgently, as I have no idea why it's acting funny.
As far as I believe, I have set up the LDAP server properly in the test
environment, but it's acting weird, no idea why...
Example:
[root@test ~]# id tuser
id: tuser: No such user
The below command shows the correct info:
[root@test ~]# /usr
Hi
I am using the below version of the rpm
idm-console-framework-1.1.7-2.el6.noarch
and I need to generate a 2048-bit CSR via the 389 console.
The below link shows a patch, but I don't understand how to install it.
https://fedorahosted.org/389/ticket/362
Can anyone please show me some light on this?
Thanks
Extra info:
While looking on the net I got this
http://directory.fedoraproject.org/wiki?title=MemberOf_Multiple_Grouping_Enhancements&redirect=no
dn: cn=MemberOf Plugin,cn=plugins,cn=config
...
memberofgroupattr: member
memberofgroupattr: uniqueMember
memberofattr: memberOf
But still it does not al
Hi,
I have installed this test LDAP and I am trying to add UniqueMember
under a PosixGroup
but it's saying I am not allowed; below is the error:
"according to the schema attribute uniqueMember is not allowed"
I guess I need to add UniqueueMemberof plugins,
but I don't understand the syntax.
Can an
>
>1. Unable to open 389 Console after running setupssl2.sh
> (fosiul alam)
>2. Re: Unable to open 389 Console after running setupssl2.sh
> (Predrag Zecevic [Unix Systems Administrator])
>
>
> -------
Hi,
I have created the certificate by using
"https://raw.github.com/richm/scripts/master/setupssl2.sh"
and it's working fine,
but I need to get the CA certificate in PEM format, which will have to be
in the /etc/openldap/cacertificate directory, as I get this when trying to
set up LDAP authentication
To co
Hi
I would really appreciate it if anyone can help me out here.
I have installed Fedora Directory Server
389-dsgw-1.1.10-1.el6.x86_64
389-ds-base-1.2.9.14-1.el6.x86_64
389-ds-console-doc-1.2.6-1.el6.noarch
389-ds-base-libs-1.2.9.14-1.el6.x86_64
389-ds-console-1.2.6-1.el6.noarch
389-ds-1.2.2-1.el6.
Hi, below is my sssd.conf
With the below setting, users can't log in,
but if I remove ldap_access_filter, then all users can access.
What am I doing wrong...
I just want users from the "techops" group to access this server.
I will be really grateful for any help.
[sssd]
config_file_version = 2
services = nss,
Hi
We mostly use passwordless ssh authentication and in our /etc/ldap.conf
file we have the below line
uri ldap://auth1.uk..lan/ ldap://auth2.uk..lan/
Now the problem is, if there are any issues with auth1, authentication fails.
Theoretically, if auth1 fails then authentication should come fro
Hi
I am in the process of installing 10 LDAP servers; while installing, sometimes
I get the below error,
auth4... server already stopped[FAILED]
*** Error: 1 instance(s) unsuccessfully stopped [FAILED]
Starting dirsrv:
auth4...[13/May/2013:20:13:33 +0200] - SSL
Hi
I have already installed dirsrv and it's running in production with the SSL
certificate on.
When I restart dirsrv, it asks me to provide the pin for the token.
How can I create the pin.txt with the password so that the directory server starts
automatically without providing the pin?
i tried to create here , but
quired pam_unix.so
but no luck ..
Thanks for further help
On Tue, Mar 26, 2013 at 10:02 AM, Arpit Tolani wrote:
> Hello
>
> On Mon, Mar 25, 2013 at 9:34 PM, Fosiul Alam wrote:
> > Hi
> > pam_groupdn is not working on some of my centos 6.2 server.
> >
> > fr
try), then you can list it:
>
> ldapsearch -D "Directory Manager" -W -b
> "cn=nsPwPolicyContainer,People,dc=DOMAIN,dc=com"
> "(&(objectclass=ldapsubentry)(cn=$User))"
>
> Variables:
> SLAPD=instance_name
> User=User_CN # for me it is "Pred
ming you have password expiration configured, the attribute
> passwordExpirationTime holds a datetime value for when the password will
> expire.
>
> -Original Message-
> From: 389-users-boun...@lists.fedoraproject.org
> [mailto:389-users-boun...@lists.fedoraproject.org] On Behalf
Hi
I just wanted to know what's the best practice to make sure all slaves
have the same data as the master.
While reading on Google, I got the below command and also 1 script to
monitor LDAP replication status.
[root@blob]# ldapsearch -x -b "cn=mapping tree,cn=config" -D
"cn=Directory Manager" -w
Hi Expert
We have a 389 server installed with SSL enabled.
When we try to change a password from CentOS 5 servers it's fine, but
from CentOS 6, I get the below error:
Changing password for user testuser
Enter login(LDAP) password:
New password:
Retype new password:
LDAP password information update fail
Hi
I am trying to initialise a consumer and I am seeing this on the master server:
Unable to parse the response to the startReplication extended
operation. Replication is aborting.
Incremental update failed and requires administrator action
NSMMReplicationPlugin - Beginning total update of replica
Hi Arpit,
Thanks for the reply.
The master server already has SSL certificates (CA certs).
How do I copy those to the slave?
What's the procedure?
Thanks
On Tue, Feb 19, 2013 at 12:03 PM, Arpit Tolani wrote:
> Hello
>
> On Tue, Feb 19, 2013 at 5:16 PM, Fosiul Alam wrote:
>> Hi Expert,
Hi Expert,
I just want some guidance about how to set up a slave and start the replication.
We have a master server which is already running.
Now I want to set up a slave.
What will be the best way to do this? (for example, copying cert files)
Will just copying from master to slave work, or do I need
base
>
> This describes this script in human readable format. Best source of DS
> knowledge in my opinion is Red Hat docs.
>
> If you provide information on what you need to backup, then I'm sure someone
> will provide syntax for your case.
>
> Greg.
>
> Send from h
Hi
I know you can take a backup of the full directory server by using
db2bak.pl
but I don't understand what the syntax will be.
I checked the help file but no luck.
So when I do this
/var/lib/dirsrv/slapd-ldap-2/bak/ldap-2-2012_8_3_10_13_5
ldapmodify: started Fri Aug 3 10:13:05 2012
and they
> provide something like transactions in databases - I noticed this myself.
> All operations on entry must be correct or none will be applied.
>
> Greg.
>
> send from htc desire z
>
> 14-08-2012 13:40, "Fosiul Alam" wrote:
>>
>> Hi
>>
Hi
The theme of this script is, I need to modify uid, password, loginshell.
Example:
ldapsearch -xZZ -D "cn=Directory Manager" -w 'testtest' -b
"dc=fosiul,dc=lan" "(cn=Fosiul Alam)" loginshell uid userPassword
# extended LDIF
#
# LDAPv3
# base with
production your
> filter will be different.
>
> Greg.
>
> Send from htc desire z
>
> 13-08-2012 13:46, "Fosiul Alam" wrote:
>
>> Sorry, I know what you meant
>>
>> my lab is different than the production
>>
>> its only take mebe
Sorry, I know what you meant
my lab is different than the production
it only takes memberUid=falam
that's it
On Mon, Aug 13, 2012 at 12:38 PM, Fosiul Alam wrote:
> Hi okelet
> did you mean
>
> ldapsearch -xZZ -D "cn=Manager" -w 'x'
> "member
hould be:
>
> member=uid=falam,ou=users,l=uk,dc=fosiul,dc=lan
> uniqueMember=uid=falam,ou=users,l=uk,dc=fosiul,dc=lan
> memberUid=falam
>
> as memberUid is designed to contain only the user uid, not the DN.
>
> Regards.
>
>
> 2012/8/13 Fosiul Alam :
>> i have c
n"
but there is a user called falam under memberUid
but no idea why it does not return
any idea how to troubleshoot?
On Mon, Aug 13, 2012 at 12:16 PM, Fosiul Alam wrote:
> I have changed base to dc=fosiul,dc=lan
>
> also this
>
>
> ldapsearch -xZZ -D "Manager" -w
e, then no entries match the filter.
>
> Regards.
>
>
> 2012/8/13 Grzegorz Dwornicki :
>> Hi
>>
>> He meant BASE directive in /etc/openldap/ldap.conf
>>
>> Greg.
>>
>> Send from htc desire z
>>
>> 13-08-2012 12:52, "Fosiul Ala
er "-b" in ldapsearch:
>
> ldapsearch -xZZ -D "cn=Directory Manager" -w 'testtest' -b "l=uk"
> "uniqueMember=uid=falam,ou=users,l=uk,dc=fosiul,dc=lan"
>
> Or change the default values in ldap.conf.
>
> Regards.
>
> 2012/8
Hi, the below search should return some results (and it's working on my test lab)
but on the production server I believe it's getting the wrong base:
# # base (default) with scope subtree
it should be l=uk.
Below is the search:
ldapsearch -xZZ -D "cn=Directory Manager" -w 'testtest'
"uniqueMember=u
Hi
I need some idea how to do this.
I know how to delete a user from a group,
but the problem is
I am trying to write a script which will delete a user from different groups.
Also there is a problem:
some users are added as uniqueMember and some users have been added as memberUid
but I don't understand ..
rch -x '(uniquemember=jsmith)'
>
> Greg.
>
> Send from htc desire z
>
> 08-08-2012 16:23, "Fosiul Alam" wrote:
>
>> Hi thanks
>> but that's not giving me the result of all the groups this user belongs to ??
>>
>> will really appropriat
ery. I am asking for all ldap content and filter it against persons,
> posixgroups and users/groups containers.
>
> What I meant is you can do this task in many ways :)
>
> Greg.
>
> Send from z htc desire z
>
> 08-08-2012 14:35, "Fosiul Alam" wrote:
>>
sire z
>
> 08-08-2012 14:25, "Fosiul Alam" wrote:
>
>> Hi
>> Is there any way to make ldif from production server
>> then run this on this test server??
>>
>> Fosiul
>>
>> On Wed, Aug 8, 2012 at 1:03 PM, Grzegorz Dwornicki
>>
.
>
> message sent from htc desire z
>
> 08-08-2012 13:41, "Fosiul Alam" wrote:
>>
>> Hi
>> I have a running Fedora 389 Server
>>
>> I want to create a test server but i want to have the same data from
>> My production server
>>
>&
Hi
I have a running Fedora 389 Server
I want to create a test server but I want to have the same data from
my production server.
So I am thinking:
if I take a backup of the production server,
then create a new 389 instance, then restore from that backup into the
new 389 instance,
will it work?
Thanks
Hi
Thanks, it works fine. Perfectly.
Thanks for your help
On Sun, Aug 5, 2012 at 7:24 PM, Fosiul Alam wrote:
> Hi thanks for the script
>
> one thing i am still confused is
> suppose i want to give password "test123" as default password at time
> of user creating
ange:
>
> slappasswd -n -h '{crypt}' -c '$6$%.27s' -T $BASEDIR/${LOGIN}.tmp -n
>
> parameter of -c option defines salt. In my experience I saw many Linux
> distros having different salt. Part "$6$" is required (look in man page of
> crypt function) and &
d ..
>>
>> But I don't understand .. what's the way to do that
>> From the GUI interface I can create a password easily
>> so what's the syntax to create userpassword ??
>>
>> Regards
>>
>>
>> On Sun, Aug 5, 2012 at 2:25 PM, Christopher Wood
>> wrot
??
Regards
On Sun, Aug 5, 2012 at 2:25 PM, Christopher Wood
wrote:
> Perhaps use slappasswd?
>
> On Sun, Aug 05, 2012 at 01:58:33PM +0100, Fosiul Alam wrote:
>> Hi
>> I am generating the LDIF by script,
>> but I can't understand how I will generate the userpassword.
&
Hi
I am generating the LDIF by script,
but I can't understand how I will generate the userpassword.
userPassword: {crypt}x
How does this crypt or hash work?
Please give me some light on this.
Regards
: {crypt}x ???
On Sat, Aug 4, 2012 at 9:31 PM, Fosiul Alam wrote:
> Hi
> it looks ok
> it works now with this entry
>
> dd: uniqueMember
> uniqueMember: uid=aalam,ou=users,l=UK,dc=fosiul,dc=lan
>
> thanks for your help .
>
> really appreciate ..
>
>
> On S
Hi
it looks ok
it works now with this entry
dd: uniqueMember
uniqueMember: uid=aalam,ou=users,l=UK,dc=fosiul,dc=lan
thanks for your help .
really appreciate ..
On Sat, Aug 4, 2012 at 9:24 PM, Fosiul Alam wrote:
> Hi thanks
> it works but the entry is different
>
> have a
fosiul,dc=lan
> changetype: modify
> add: memberuid
> memberuid: yalam
>
> Greg.
>
>
> 2012/8/4 Fosiul Alam
>>
>> HI thanks
>> Just one more question .. then i should be able to finish ..
>>
>>
>> Adding user is fine .
>> So when I
se directory manager has DN "cn=Directory Manager". It is normal, nothing
> strange here because directory manager does not need entry in ldap tree.
>
> Greg.
>
> Send from htc desire z
>
> 04-08-2012 21:06, "Fosiul Alam" wrote:
>
>> Hi
>&
Hi
this is strange , this syntax works
ldapmodify -xZZ -a -D "cn=Directory Manager" -w testtest -f add.ldif
On Sat, Aug 4, 2012 at 7:27 PM, Fosiul Alam wrote:
> Hi Thanks for quick reply
>
> ldapadd -xZZ -D "cn=Directory Manager" -W -f add.ldif
> Enter LDAP Pas
erPassword: {crypt}x
shadowLastChange: 0
shadowMax: 0
shadowWarning: 0
On Sat, Aug 4, 2012 at 7:22 PM, Grzegorz Dwornicki wrote:
> Try this:
>
> ldapadd -xZZ -D "cn=Directory Manager" -W -f add.ldif
>
> Greg.
>
> message sent from htc desire z
>
> 04-08-2012 2
e:
> Look what account you typed in ldapsearch and ldapadd. Both should be
> "cn=Directory Manager". But in ldapadd you use other perhaps non existing
> account.
>
> Greg.
>
> Send from htc desire z
>
> 04-08-2012 19:41, "Fosiul Alam" wrote:
cn=Directory Manager" as -D parameter for ldapadd as well not
> "cn=Directory Manager,l=UK,dc=fasiul,dc=lan" like you used in ldapadd.
>
> Greg.
>
> Send from htc desire z
>
> 04-08-2012 19:27, "Grzegorz Dwornicki" wrote:
>
>> message sent from
Sorry, what are you saying?
I did not understand.
On Sat, Aug 4, 2012 at 6:27 PM, Grzegorz Dwornicki wrote:
> message sent from htc desire z
>
> 04-08-2012 18:47, "Fosiul Alam" wrote:
>
>> Hi Thanks for reply
>> If you see the search
>> ldap
anks
On Sat, Aug 4, 2012 at 5:00 PM, Grzegorz Dwornicki wrote:
> It looks like you are using wrong directory manager DN. Maybe you have
> administrator named just "cn=Directory Manager"?
>
> Greg.
>
> Send from htc desire z
>
> 04-08-2012 15:52,
iul.lan
dn: uid=falam,ou=users,l=UK,dc=fosiul,dc=lan
givenName: Fosiul
sn: Alam
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 6000
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
uid: falam
cn: Fosiul Alam
homeDirec
ectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
uid: falam
cn: Fosiul Alam
homeDirectory: /home/falam
userPassword:: e1NTSEF9MkpYSGI2bSs3OFk5SlcySG1kOVcxdjFVUFVHMVA3eXI0dFQvZ2c9PQ=
=
# search result
search: 3
result: 0 Success
# numResponses: 2
# numEntrie
Hi, thanks
I'm thinking of using a simple bash script to create an LDIF file.
I think that can be done .. But could you please tell me what would be the
structure of the LDIF file, suppose I want to create a user called john smith
under the below structure
> ou=users,l=uk,dc=fosiul,dc=lan"
Thanks
On 4 A
Hi
I am very new to LDAP (Fedora Directory Server).
I need to develop a script to add a new user and put it into a few
groups automatically.
So I am wondering what would be the best way.
Putting the command into a script should not be an issue.
The problem is what would be the best way:
shall i create ldiif firs
Hi
Everywhere I look, it tells me to create nisnetgrouptriple by using an ldif,
but I am quite new to that.
So I want to know how I can create this by using "centos-idm-console".
I already created organization group, nisgetgroupclass
Ou=netgroup
cn=puppet
Now i need to create nisnetgrouptr
Hi, thanks
if I try this
ldapsearch -x -ZZ -D "uid=falam,ou=users,l=uk,dc=fosiul,dc=lan" -w
xxx -h ldap-2.fosiul.lan -b "dc=fosiul,dc=lan" "(cn=Fosiul Alam)" dn
cn sn
now if I give a wrong password, it will say authentication failed
but with correct password
yes its
rpm -qa | grep nss_ldap
nss_ldap-253-49.el5
nss_ldap-253-49.el5
i there is some other problem ..
example :
when i execute this :
ldapsearch -x -ZZ -D "cn=Directory Manager" -w meditation -h
ldap-2.fosiul.lan -b "dc=fosiul,dc=lan" "(cn=Fosiul Ala
of /etc/nsswitch.conf and /etc/ldap.conf
>
> 28-07-2012 18:13, "Fosiul Alam" wrote:
>
>> Hi
>> I configured another pc
>> with authconfig-tui
>> but there is not any luck
>> its same thing ..
>>
>> Fosiul
>>
>> On Sat, J
hentication. For
> example authconfig-tui has simple text-based interface, authconfig is CLI
> based and require arguments. Finally system-config-authentication has gui.
>
> 28-07-2012 16:50, "Fosiul Alam" wrote:
>>
>> Hi
>> I have setup ldap server and f
Hi
I have set up the LDAP server and from the client it's returning, for example:
[root@home ~]# ldapsearch -x -ZZ -D "cn=Directory manager" -w xxx -h
ldap-2.fosiul.lan -b "dc=fosiul,dc=lan" "(cn=Fosiul Alam)"
# extended LDIF
#
# LDAPv3
# base with scope subtree
# filter: (cn=
organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
uid: falam
cn: Fosiul Alam
homeDirectory: /home/falam
userPassword:: e1NTSEF9UGtqNjhvazF1SFR0NUR5T0Roa2FSU1pSR0RrSWNYYkVvYVU2V2c9PQ=
=
# search result
search: 3
result: 0 Success
# numResponses: 7
# numEntries: 6
so falam
if i try from server)
example (last few lines)
uid: falam
cn: Fosiul Alam
homeDirectory: /home/falam
userPassword:: NUR5T0Roa2FSU1pSR0RrSWNYYkVvYVU2V2c9PQ=
=
# search result
search: 3
result: 0 Success
# numResponses: 7
# numEntries: 6
Hi
Thanks, I understand I will have to start from scratch for the certificate
.. but I need a few explanations.
My LDAP server host name is: ldap-2.fosiul.lan
and I just cn="Directory Manager"
so according to those info.. what shall i put in ,
dc=directory ???
and
cn=directory.example.com" ???
My server
Hi
I am not getting replies by email, so I can't click on reply...
How will I get replies by email?
@
I think I have done something wrong when creating the certs.
I have used the below script to create all the certificates:
https://github.com/richm/scripts/blob/master/setupssl2.sh
now when i do this ,i get be
Hi
I don't know how to reply on the same thread,
but thanks for the quick reply.
It's case sensitive, so I created the cert file
and I put that one on the client, and I configured it as documented
/etc/openldap/ldap.conf
URI ldap://ldap-2.fosiul.lan/
BASE dc=fosiul,dc=lan
TLS_CACERTDIR /etc/openldap/cacerts/
Hi
Thanks for reply.
but there is a problem ..
is there is the example
certutil -d . -L
Certificate Nickname Trust
Attributes
SSL,S/MIME,JAR/XPI
CA certificate CTu,u,u
server-cert
Hi, I have installed the SSL certificate from the below script
https://github.com/richm/scripts/blob/master/setupssl2.sh
It went fine,
but I don't understand how I will create the certificate file for the clients.
According to the documentation:
http://directory.fedoraproject.org/wiki/Howto:SSL#Configure_LDAP_