n 2009 08:19:19 -0700
Subject: Re: [Fedora-directory-users] FD-AD Password Sync Trouble
> Glenn wrote:
> > We have Windows Sync replication set up between Fedora Directory 1.04 and
> > Active Directory. When we change a user's password in FD, it replicates to
> > AD. W
We have Windows Sync replication set up between Fedora Directory 1.04 and
Active Directory. When we change a user's password in FD, it replicates to
AD. When we change a user's password on the AD server, it replicates to FD.
But when we change the user's password on the user's local AD compu
Never mind. I rebooted the Active Directory domain controller and the
problem went away. Thanks. -G.
-- Forwarded Message ---
From: "Glenn" <[EMAIL PROTECTED]>
To: "Fedora DS List"
Sent: Fri, 3 Oct 2008 17:06:01 -0500
Subject: Windows Sync Cert
All of a sudden, Windows Sync is broken and I'm getting this error message in
the Fedora Directory 1.0.4 log:
[02/Oct/2008:06:08:10 -0500] NSMMReplicationPlugin - agmt="cn=AD-LawFacultyStaff"
(boccherini:636): Simple bind failed, LDAP sdk error 81
(Can't contact LDAP server), Netscape Portable
AIL PROTECTED]>
To: "General discussion list for the Fedora Directory server project."
Sent: Wed, 02 Jul 2008 07:01:21 -0600
Subject: Re: [Fedora-directory-users] Scheduled Resync with Windows Sync?
> Glenn wrote:
> > It is difficult to know when a full resynchronization is
Here's an odd one. We have a Windows Sync agreement between Fedora Directory
1.04 and Active Directory. If we change a user's password on the domain
controller, the password is replicated to Fedora Directory. But if we change
the user's password on the user's Windows XP computer using Ctrl-Al
It is difficult to know when a full resynchronization is necessary for a
given Windows Sync agreement. I would like to be able to start a full resync
from a cron script. Is this possible, or is there any other way to schedule
a full resync to run periodically without human intervention?
We ar
Is there a URL in the Directory Server Gateway where users can get a form
that will allow them to change their own directory password? The only way
I've found to do this is to search for the user first. This requires several
steps, and users have difficulty with this. If we could simply put a
Is it possible to limit access to the directory through the Directory Server
Gateway? Ideally, we would like to make the gateway available only to the
10,000 users in our directory. The way it is configured now, anyone with
access to the gateway web site can search the directory. We are runni
We are trying to replicate user data between Fedora Directory 1.0.4 and
Active Directory using Windows Sync. It works fine until we add the posix
objectclass to users in FD. This seems to break replication. Can anyone
supply a workaround for this? Thanks. -G.
com.netscape.management.client.util.ResourceSet. (source
file unknown:line unknown, pc 0x8589a68)
at com.netscape.management.client.console.Console. (source
file unknown:line unknown, pc 0x85ba276)
Has anyone succeeded in installing fds on debian?
Can anyone help me?
Thank you.
Glenn
Anyone got a clue? Thanks. -Glenn.
-- Original Message ---
From: "Glenn" <[EMAIL PROTECTED]>
To: "General discussion list for the Fedora Directory server project."
Sent: Wed, 5 Dec 2007 11:07:00 -0500
Subject: Re: [Fedora-direct
-- Original Message ---
From: Rich Megginson <[EMAIL PROTECTED]>
To: "General discussion list for the Fedora Directory server project."
Sent: Wed, 05 Dec 2007 08:18:53 -0700
Subject: Re: [Fedora-directory-users] ACIs Don't Work?
> Glenn wrote:
> >
ess - Insufficient 'write' privilege to the 'roomNumber'
attribute of entry 'uid=tsmith,ou=main,ou=people,dc=txwes,dc=edu'. )
You do not have sufficient privileges to perform the operation."
I checked all the inherited ACIs on the OU, and no rights are denied.
column two. We have about 8,000 users. Any help appreciated. Thanks. -
Glenn.
--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
r. I set up
replication on a test system, and it works correctly. Thanks for any
suggestions. -Glenn.
. I tried adding
the "displayname" attribute to an FD user record, but it doesn't replicate to
AD, even after a full resync. Can anyone suggest how this could be done?
Thanks. -Glenn.
Richard - It has been months since I did this, and I don't remember each
detail of the installation. I did not use the default server user ID; I
changed it when given the opportunity during installation. Maybe this caused
a permissions problem? -Glenn.
-- Original Me
Travis - I had this problem with new installations and clean
re-installations. The installation of Fedora Directory did not create the
certificate database. I solved it by creating the appropriately-named
certificate database in the correct location using certutil. -Glenn
Paolo - Have you compared password complexity rules between AD and FD? They
should be the same. -Glenn.
-- Original Message ---
From: Paolo Barbato <[EMAIL PROTECTED]>
To: "General discussion list for the Fedora Directory server project."
Sent: Mon, 1 Oct 200
Paolo - Maybe your certificates are not set up correctly. You should have the
same CA certificate in the database in both FDS and AD. Also, the server
certs in each database should be issued by the same certificate authority.
It is convenient to use the Certificate Authority included with recen
, password changes on either
system are replicated to the other. One way to deal with this is to force
each user to change his or her AD password shortly after you bring up the
Windows Sync agreement. -Glenn.
-- Original Message ---
From: Dusty Herrman <[EMAIL PROTECTED]>
To:
.createSSLEngine()
Ljavax/net/ssl/SSLEngine;
Is the Windows Sync function known to work with FDS 1.0.3 and NT4? Hoping
someone can help. Thanks. -Glenn.
is
through to completion, with the Fedora server as supplier and the NT server
as consumer (this is what we need anyway). But immediately after completing
the agreement, the replica fails to initialize.
All suggestions warmly accepted. Thanks. -Glenn.
ldapsearch options
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:fedora-
> > [EMAIL PROTECTED] On Behalf Of Glenn
> > Sent: Wednesday, July 25, 2007 6:36 AM
> > To: Fedora DS List
> > Subject: [Fedora-directory-users] Windows Sync NT4 Search Base?
> >
> >
got a
clue? Thanks. -Glenn.
# ldapsearch -v -H ldap://nt4testbox.mydomain.edu -D "uid=admin,ou=system" -b "dc=mydomain,dc=edu"
ldap_initialize( ldap://nt4testbox.mydomain.edu )
ldap_sasl_interactive_bind_s: No such attribute (16)
va:279)
Any idea what is wrong or how I can narrow it down? Thanks. -Glenn.
So I have a successful Windows Sync agreement set up between Fedora DS and
Active Directory, but I'm having difficulty setting up a sync agreement with
an NT4 domain. I'm at the point where I've entered the NT server info in the
agreement form. When I click Next, I get an error message:
"Una
Hello Andre,
It seems your certificates are not set up correctly. You should have the
same CA certificate in the database in both FDS and AD. Also, the server
certs in each database should be issued by the same certificate authority.
It is convenient to use the Certificate Authority included
So I have a successful Windows Sync agreement set up between Fedora DS and
Active Directory, but I'm having difficulty setting up a sync agreement with
an NT4 domain. I'm at the point where I've entered the NT server info in the
agreement form. When I click Next, I get an error message:
"Unab
We are planning to use Windows Sync to synchronize FDS with Active
Directory. We will also synchronize passwords using the Pass Sync service.
We will gradually move users from the old NT domain to Active Directory, so
we will need to have both running for a time.
Can you tell me if it is po
We are getting ready to deploy Windows Sync between FDS and Active
Directory. Among key users at our workplace, there is resistance to the
minimum password complexity rules in Active Directory, but the Red Hat
Directory manual says these rules must be applied for the password sync to
work. Is
I'm trying to create a replication agreement on a Fedora Directory server,
version 1.0.3. I want to select a subtree of the database for replication,
but there doesn't seem to be a way to do this. The help says I can select a
subtree by creating the agreement from the Replication folder instea
o: "General discussion list for the Fedora Directory server project."
Sent: Wed, 4 Apr 2007 13:21:09 -0700
Subject: Re: [Fedora-directory-users] Problem running console on Windows
> On Wed, 04 Apr 2007, Glenn wrote:
>
> > I'm trying to get the Fedora DS 1.0.4
sword. Also, AD requires all entries to
have certain attributes, including:
objectclass: ntuser
ntUserDomainID: yourADuserID
ntusercreatenewaccount: true
-- Original Message ---
From: "Glenn" <[EMAIL PROTECTED]>
To: "Fedora DS List"
Sent: Mon, 9 Apr 2
When I get Windows Sync running between Fedora Directory Server 1.0.3 and
Active Directory on a Windows 2003 server, it logs an error message every
four seconds: "Replica has no update vector. It has never been
initialized." I've tried restarting the directory server and the admin
server, and
Any idea what could cause this? Thanks. -Glenn.
the
ldapsearch command on the DS server, it says, "certificate verify failed".
certutil says the CA certificate is included in both the
slapd-server-cert8.db and the admin-serv-cert8.db. What else should I check?
Thanks. -Glenn.
Hello, again! I'm trying to install Fedora DS 1.0.4 on Red Hat EL4.
Everything goes smoothly until I try to enable SSL in the admin server
console. When I try to save new settings on the Encryption tab and the User
DS tab, I get a message, "PSET failure. PSET attribute creation or local
cach
f 2007.
But, you know, if the error message had said, "your certificate is not valid
yet" or even, "check the date, twit", I might have resolved this more
quickly. Then again, maybe not. :) Thanks again. -Glenn.
-- Original Message ---
From: Richard
earlier, and it worked fine then.
Can anyone suggest what I might try now? Thanks. -Glenn.
I'm trying to restart the admin server from the command line in RHDS 7.1. It
shuts down o.k., but it responds to the start-admin command with an error
message:
startup failure: could not bind to port 30838 (Address already in use)
This only happens after I connect to the directory server gatew
One more entry is required -- objectclass: ntuser
-Glenn.
-- Original Message ---
From: "Glenn" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], "General discussion list for the Fedora Directory
server project."
Sent: Mon, 8 Jan 2007 14:32:07 -0600
Subj
on of the manual.
Thanks for your kind responses! -Glenn.
-- Original Message ---
From: David Boreham <[EMAIL PROTECTED]>
To: "General discussion list for the Fedora Directory server project."
Sent: Mon, 08 Jan 2007 10:46:26 -0700
Subject: Re: [Fedora-directory-
>
> All you need is to have entries that are 'syncable'. On the FDS side
> this means
> special objectclass and attribute values. On the AD side it only
> means having the entries in the container configured in the sync agreement.
If I have entries in DS that do not exist in AD, and I "Initiate
Anybody? Thanks. -G.
-- Original Message ---
From: "Glenn" <[EMAIL PROTECTED]>
To: "General discussion list for the Fedora Directory server project."
Sent: Tue, 2 Jan 2007 15:38:50 -0600
Subject: Re: [Fedora-directory-users] Windows Sync Errors
>
" imports into DS, but not into AD.
So if I have some object classes and attributes required for AD that are
not allowed in DS, and vice-versa, how can I make Windows Sync work? I'm
sure I'm missing something here. I'm including sample ldif entries from each
import below.
.edu in the DS
should be synchronized with ou=Domain Users,dc=ad,dc=txwesleyan,dc=edu in
AD. Both ous exist as specified.
Can anyone please suggest what I might try to get this working? Thanks. -
Glenn.
Netscape Directory had a standalone application that gave Windows users
access to the directory console. The 4.2 version of this app does not seem
to work with Red Hat Directory Server 7.1SP3, and I'm wondering if there is a
standalone console available that will. Thanks. -Glenn.
I haven't tested this, but it might be possible. See Microsoft KB article
303972. -Glenn.
http://support.microsoft.com/kb/303972/
-- Original Message ---
From: Nicholas Byrne <[EMAIL PROTECTED]>
To: "General discussion list for the Fedora Directory server
Assuming I get Directory Server working, is there a web-based editor that
our help desk and HR people can use to add and delete users and change
passwords? What's the best way to set this up? Thanks. -Glenn.
o the Directory Server as well as the AD? -Glenn.
Example:
dn: cn=John Doe,ou=Domain Users,dc=ad,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalperson
objectClass: user
userprincipalname: TWU:[EMAIL PROTECTED]
samaccountname: TWU:jdoe
mail: [EM
error on every
line in the file, making it impossible to narrow it down.
I can't possibly be the only person who has run into this problem. Hoping
someone can shed some light. Thanks. -Glenn.
-- Original Message ---
From: Richard Megginson <[EMAIL PROTECTED]>
"
(boccherini:636): windows_replay_update: Cannot replay add operation.
-- Original Message ---
From: Richard Megginson <[EMAIL PROTECTED]>
To: "General discussion list for the Fedora Directory server project."
Sent: Tue, 28 Nov 2006 10:09:32 -0700
Subject: Re: [Fedora-director
0-day evaluation runs out. Thanks. -Glenn.
1
The status window also says the last consumer initialization ended 16
seconds after it began.
I have tried redoing the sync agreement several times, and restarted the
admin and ds servers and rebooted the machine. What else can I do?
Thanks. -Glenn.
rver project."
Sent: Thu, 16 Nov 2006 07:47:18 -0700
Subject: Re: [Fedora-directory-users] Windows Sync - Unable to contact
Active Directory
> Glenn wrote:
> > I'm still trying to get Windows Sync working on my Red Hat Directory Server
> > 7.1 SP3 evaluation. I have fol
ectory server.
I can ping the Active Directory server by its host name and by its fully
qualified domain name. What else should I be looking at? Thanks. -Glenn.
ve been at this
too long, and I'm going for a cup of coffee now. Thanks again for your
patient assistance. You guys are great! -Glenn.
-- Original Message ---
From: Thomas Kwan <[EMAIL PROTECTED]>
To: "General discussion list for the Fedora Directory server pro
e. Thanks again for your help. -Glenn.
-- Original Message ---
From: Thomas Kwan <[EMAIL PROTECTED]>
To: "General discussion list for the Fedora Directory server project."
Sent: Wed, 15 Nov 2006 08:23:59 -0800
Subject: Re: [Fedora-directory-users] pk12util error
>
off-topic question, but there doesn't seem to be any support for the evaluation
of RHDS. Thanks. -Glenn.
I'm testing a new installation of Directory Server. I have both
the directory server and the admin server using SSL. There are instructions
for auto-starting the SSL-enabled directory server at boot time by putting
the SSL password in a text file, and this works fine. But I can't seem to
fin
ave their base dn blank, which is
something Exchange can apparently deal with. I am not sure if it had to be specifically
configured to allow this.
So the bottom line sounds like we need to touch several hundred desktops if we want to
transition away from Exchange. Sigh...
Thanks.
Glenn
--
I'm replacing an ldap server with Fedora Directory. The old one allows
searches with the base dn empty. Is there a way to allow searches with a
blank base dn in Fedora Directory?