Re: [389-users] Announcing 389 Directory Server 1.2.5 Release Candidate 4

2010-01-06 Thread Anne Cross
It looks like the Install_Guide (http://directory.fedoraproject.org/wiki/Install_Guide) needs to be updated for the testing entries. I needed to run the following:
    yum upgrade --enablerepo=epel-testing 389-ds-base
instead of:
    yum upgrade --enablerepo=updates-testing
Still testing the rest of i

[389-users] AD user moves vs. 389 user moves.

2010-01-05 Thread Anne Cross
Our AD admins want to move users from our ou=Users tree to a new tree called ou=Departed, after we've locked the accounts, so that we know when a user has left the company and we've completed the cleanup process. We've discovered through trial and error that when they do this on the AD server,

Re: [389-users] /etc/sudoers VS sudo-objects in directory server

2010-01-04 Thread Anne Cross
> Hi Anne!
>
> On Thu, 31 Dec 2009, Anne Cross wrote:
>
>> As I understood it, you could only use entries in /etc/group as opposed to
>> using LDAP groups (which is what we're after.) Our goal was to not need to
>> manage locally stored files - w

Re: [389-users] /etc/sudoers VS sudo-objects in directory server

2009-12-31 Thread Anne Cross
ts the sudo entries in the directory to /etc/sudoers to handle the case of legacy machines that are too old or broken to have native sudo ldap lookups (of course they still need to be able to lookup uid's/gid's in the directory for this to work). On Tue, Dec 29, 2009 at 7:33 AM

Re: [389-users] /etc/sudoers VS sudo-objects in directory server

2009-12-29 Thread Anne Cross
We're going to go with sudoers in ldap, not because I think it's better, but because it's somewhat more secure. I think the layout of how it's managed in ldap is much inferior (having to declare each group multiple times, and not being able to apply privileges to a *group*, is stupid) but it is

Re: [389-users] Announcing 389 Directory Server 1.2.5 Release Candidate 2

2009-12-18 Thread Anne Cross
I'm having problems installing via yum, even with an import of the gpg key at http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xA7B02652 - are the packages in the testing directory signed with a different key? "Package 389-ds-base-1.2.5-0.3.rc2.el5.x86_64.rpm is not signed" -- juniper -

Re: [389-users] New PassSync 1.1.3 to fix install issues - need testers

2009-11-16 Thread Anne Cross
Rich Megginson wrote: I have a new PassSync package 1.1.3 that should address some install issues reported by some users on Windows 2008. Please test these and let me know how they work http://rmeggins.fedorapeople.org/389-PassSync-1.1.3-i386.msi http://rmeggins.fedorapeople.org/389-PassSync

Re: [389-users] AD2008 on 64 bit windows, 389 Directory Server passwords...

2009-10-22 Thread Anne Cross
Rich Megginson wrote: Anne Cross wrote: I'm trying to sync passwords from 389 to Active Directory. If we import users from AD, then try to change their passwords, the replication locks up. Can you be more specific? Have you tried the replication log level (which also logs winsync

[389-users] AD2008 on 64 bit windows, 389 Directory Server passwords...

2009-10-21 Thread Anne Cross
I'm trying to sync passwords from 389 to Active Directory. If we import users from AD, then try to change their passwords, the replication locks up. If we create the users on 389, and sync them back to AD, the password field passed back is blank in Windows. PassSync isn't going to work becaus

Re: [389-users] 389, Active Directory, PassSync, Multi-Masters, and multiple AD servers

2009-10-21 Thread Anne Cross
Rich Megginson wrote: Anne Cross wrote: We have two AD servers, and we're working on having four 389 Masters geographically distributed, multi-mastered between them, etc, etc, etc. The goal here is to stop having network hiccups take things out. The AD servers talk to each other ni

[389-users] 389, Active Directory, PassSync, Multi-Masters, and multiple AD servers

2009-10-20 Thread Anne Cross
We have two AD servers, and we're working on having four 389 Masters geographically distributed, multi-mastered between them, etc, etc, etc. The goal here is to stop having network hiccups take things out. The AD servers talk to each other nigh-on instantaneously. Likewise for the 389 servers

Re: [389-users] Searching cn=config as a user other than cn=Directory Manager?

2009-10-19 Thread Anne Cross
Rich Megginson wrote: but searching as cn=replication,cn=config or similar results doesn't return any results. Can someone point me at the ACI I need to modify (or do I need to create a new one?) to add read-only access to cn=config on our master servers for monitoring purposes? Thanks! The s

[389-users] Searching cn=config as a user other than cn=Directory Manager?

2009-10-15 Thread Anne Cross
I'm working on setting up nagios monitoring of our multi-master replication, and given the occasional problems that are plaguing our network, we need replication monitoring. The script on http://directory.fedoraproject.org/wiki/Howto:ReplicationMonitoring#Monitoring_replication_with_Nagios is

Re: [389-users] OpenLDAP as a slave of Fedora Directory Server?

2009-07-30 Thread Anne Cross
ection, which, depending on the need, is occasionally good enough. Anne Cross wrote: I've been through the FDS/389 website, and the best I've come up with is this: http://directory.fedoraproject.org/wiki/Howto:OpenldapIntegration Unfortunately, that gives me the sync in the wron

[389-users] OpenLDAP as a slave of Fedora Directory Server?

2009-07-30 Thread Anne Cross
I've been through the FDS/389 website, and the best I've come up with is this: http://directory.fedoraproject.org/wiki/Howto:OpenldapIntegration Unfortunately, that gives me the sync in the wrong direction. We have pre-existing OpenLDAP servers that belong to a different group. We're suppose