--- "Tay, Gary" <[EMAIL PROTECTED]> wrote:
> Please re-install with your choice of baseDN, be it
> dc=composers,dc=foo,dc=com or
> dc=foo,dc=com.
I reinstalled it -- it works a lot better now!
bash-2.03# ldaplist -l
ldaplist: Object not found (LDAP ERROR (50): Insufficient access.)
bash-2.03# i
On Thu, 25 Aug 2005 22:30:28 +1000
James van Zeeland <[EMAIL PROTECTED]> wrote:
> Turning off selinux protections for Samba solves issue
>
> J
>
> On Thu, 2005-08-25 at 21:23, James van Zeeland wrote:
> > Scratching my head on samba integration.
> >
> > I can login Posix users OK, i.e. go to di
--- Justin Albstmeijer <[EMAIL PROTECTED]> wrote:
>
> Just looked at my test solris client.. and got the same error..
> It seems "ldapclient -P..." will even complete with the wrong proxyagent
> password.. (only uses this to create the NS1 password) and fetches the
> profile anonymous..
>
> so
That's a very good question. The "one structural objectclass" rule
probably comes from X.500. Can you post this same question to the
ldap@umich.edu list? There are many people there who are knowledgeable
about the roots of LDAP and X.500 who would probably be able to answer
your question.
"ldapclient" result indicates that your "domainame" does not tally with
"nisDomain" object in the rootDN entry, it is kind of messy, here and there.
Please re-install with your choice of baseDN, be it dc=composers,dc=foo,dc=com
or dc=foo,dc=com.
If you change /etc/defaultdomain, to take immed
Sorry to dredge up a really old thread, but I've been trying to track
down something about it that's been bothering me.
Basically, part of the thread devolved to the idea of creating a single
user entry that has objectclasses: inetorgperson, account,
posixaccount, shadowaccount, etc. If I un
It is kind of messy here, pls don't continue to do any other thing, I strongly
suggest you start from FRESH and reinstall FDS7.1 again.
OK assuming you prefer to use foo.com as the LDAP domain (nisdomain), the
baseDN (where the topmost rootDN is) will be dc=foo,dc=com, if you choose
"populate
This is gonna be lng... I just want to thank you guys again for wading
thru this
crap...
--- "Tay, Gary" <[EMAIL PROTECTED]> wrote:
> ===
> Do you still think I need to change my defaultSearchDN? Also, must those
> ACLs be added
> still? Because it looks like you're doing a manual config
Just looked at my test solris client.. and got the same error..
It seems "ldapclient -P..." will even complete with the wrong proxyagent
password.. (only uses this to create the NS1 password) and fetches the
profile anonymous..
so do you get:
libsldap: Status: 49 Mesg: openConnection: simple bi
--- "Tay, Gary" <[EMAIL PROTECTED]> wrote:
> I think you should put "objectclass=*" (search filter) at the end, see
> "man ldapsearch"
>
> If you need to do anything and are not familar with LDAP command tools,
> use the admin server to do it.
>
> IIRC all your LDAP data should have baseDN dc=
===
Do you still think I need to change my defaultSearchDN? Also, must those ACLs
be added
still? Because it looks like you're doing a manual config, right?
===
Yes I think you should set baseDN (defaultSearchBase) to
dc=composers,dc=foo,dc=com, NOT dc=foo,dc=com, it should correspond LDAP doma
--- Justin Albstmeijer <[EMAIL PROTECTED]> wrote:
>
> you will see that "ldaplist -l passwd {username}" will not show the
> password field..
>
> the proxyagent user needs read access to all userPassword fields.. this
> can be done with the controlpanel of FDS..
Alright. This the aci I added:
> I did. It kept failing until I got rid of "-a default"
"-a" is the authentication method...
I think you wanted to use "-P default".
In your case no problem, because it defaults to it.. but in case you want
to use a different profile...
--
Fedora-directory-users mailing list
Fedora-directory-u
>> serviceSearchDescriptor: group: ou=group,dc=foo,dc=com
Did you create this "ou=group,dc=foo,dc=com", because default FDS has a
"ou=Groups,dc=foo,dc=com".
I used that one, by adding the "posixgroup" object to
"ou=Groups,dc=foo,dc=com" and adding the following attribute to the
profile.
NS_LDAP
you will see that "ldaplist -l passwd {username}" will not show the
password field..
the proxyagent user needs read access to all userPassword fields.. this
can be done with the controlpanel of FDS..
> So, looks like it worked but I can't authenticate any users. id testdba
> produces traffic
>
Gary, thank you for the replies. (I do have the patch you mentioned:)
bash-2.03# showrev -p | grep "^Patch: 108993-48"
Patch: 108993-48 Obsoletes: 108827-40, 108991-18, 109322-09, 109461-03, 111641-0
[...]
--- "Tay, Gary" <[EMAIL PROTECTED]> wrote:
> 0) As mentioned in previous email, use "ldap
Turning off selinux protections for Samba solves issue
J
On Thu, 2005-08-25 at 21:23, James van Zeeland wrote:
> Scratching my head on samba integration.
>
> I can login Posix users OK, i.e. go to directory console create a user,
> enable posix attributes, set UID and GID, create a home director
Scratching my head on samba integration.
I can login Posix users OK, i.e. go to directory console create a user,
enable posix attributes, set UID and GID, create a home directory and
the user can login.
Have followed the howto linked to from docs page.
Attempting to login with samba from an XP w
Thanks for the info, I did say "USED TO WORK VERY WELL".
I remembered it worked for me "once" or "twice" for a default profile
using "simple" bind, after that when I tried to enhance it to TLS
profile using "tls:simple" bind, it started to sing song. Again I wish
you could prove me wrong the next
> 1) The "ldapclient -P ..." command line which downloads LDAP profile
> from LDAP Server, USED TO WORK VERY WELL is not working anymore.
Strange Gary, "ldapclient -P ..." still works fine for me on Solaris 8
(108993-48), with FDS 7.1.
--
Fedora-directory-users mailing list
Fedora-directory-user
20 matches
Mail list logo