Re: [Fedora-directory-users] Re: A multi-master disaster

2008-07-07 Thread Ulf Weltman
Quotes are expected to be escaped in the access log. I wonder if you have a space in the cn value of the mapping node, that is, something like cn="dc=edops, dc=com". That would allow the import to succeed but the node would not be found without the space to set the referral. Compare the mapp

Re: [Fedora-directory-users] Manage Password Policy

2008-04-08 Thread Ulf Weltman
The input fields, radio buttons, checkboxes and lists in the lower sections should be grayed out until the checkbox at the top labeled "Create subtree level password policy" or "Create user level password policy" has been checked. This checkbox should not be grayed out -- is it? 田中 康平 wrote: > i t

Re: [Fedora-directory-users] Issue with Fedora DS Client Setup on HP???/

2008-01-25 Thread Ulf Weltman
Ajeet, sounds like your /etc/pam.conf file needs an update. As an addendum, the configuration aside from nsswitch.conf and pam.conf is created for you by the LDAP-UX /opt/ldapux/config/setup program, including the profile entry in the Directory Server. There will be sample nsswitch.ldap and p

Re: [Fedora-directory-users] Setting up Multi-Master replication between 7.1 and 1.0.1-4

2008-01-10 Thread Ulf Weltman
The configuration the installer talks about storing when selecting a configuration directory is for the Administration Server, not for the local Directory Server configuration, so the suffix mapping can't have ended up in the wrong instance, it's always local. When you installed 7.1 it should

Re: [Fedora-directory-users] Setting up Multi-Master replication between 7.1 and 1.0.1-4

2008-01-09 Thread Ulf Weltman
Ken Marsh wrote: Hello, Thank you everyone for your patience. I was able to get 1.0.1-4 up and running with Admin working on ES5/64 bit by simply saying “No” to one of the questions about my 7.1 DS: Fedora configuration directory server? [No]: Saying “yes” to this question and en

Re: [Fedora-directory-users] nsslapd-idletimeout does not seem to work

2007-12-21 Thread Ulf Weltman
Hello Anthony. The connection table is walked and idle connections are dropped when poll or select return non-0; you need to have a new incoming connection or activity on one of the established connections for the idle ones to get dropped. Not sure where a searchable archive of this list is lo

Re: [Fedora-directory-users] ns-slapd out of memory

2007-11-06 Thread Ulf Weltman
Hi, are the CUPS mods value replacements? If they are, you may be running into a leak that has been fixed since 1.04, you could try applying the diffs, respinning, and replacing libback-ldbm.so. https://www.redhat.com/archives/fedora-directory-commits/2007-September/msg00064.html Tamas Bagy

Re: [Fedora-directory-users] white space at the end of attributes that refuses to go away

2007-09-25 Thread Ulf Weltman
When attribute values are deleted from entries in a replicated partition they are moved to a hidden state, they need to be kept around in case they need to be resurrected by the update resolution protocol. If you add the same value after deleting it, the underlying mechanism moves it back from

Re: [Fedora-directory-users] directory server setting fail to terminate idle connections

2007-08-10 Thread Ulf Weltman
Idle timeout enforcement is passive, it occurs when we've polled some activity and we're walking over the connection table. If you had made an additional connection or sent an operation on another established connection the idle one should have been disconnected. Brian Fender wrote: I ran i

Re: [Fedora-directory-users] disallow_pw_change_aci problem

2007-07-11 Thread Ulf Weltman
This ACI is automatically added to each root entry when the passwordChange global password policy is set to off (in the GUI, when "User may change password" is unchecked). Omer Faruk Sen wrote: Hi, I have installed fedora-ds 1.0.4 to Fedora 6 server. I am trying to install mail ldap cluster.

Re: [Fedora-directory-users] VLV index and uid attribute

2007-03-23 Thread Ulf Weltman
Ville Silventoinen wrote: I know there was an earlier thread about using uid attribute for sorting and that it's not supported by the Console: http://www.mail-archive.com/fedora-directory-users@redhat.com/msg04439.html However, I thought I'd try following approach: 1. I deleted previous Br

Re: [Fedora-directory-users] Replication Possibilities

2007-03-19 Thread Ulf Weltman
can occur. Ulf Weltman did some investigation on this a while back. You might be able to find his comments in the list archive. This is the configuration I debugged: In a configuration with two DS in MMR (M1 and M2) and two AD in the same domain (AD1 and AD2), M1 is configured to sync with AD1 and

Re: [Fedora-directory-users] Multi-Master Replication Problems

2007-03-07 Thread Ulf Weltman
I'd love to know how your RUV could be missing. I wonder if whatever problem left you with mismatched generation ID still persists, it seemed odd that happened after a network outage. If the RUV entry was missing that would explain it, that's where the generation ID of the local data is store

Re: [Fedora-directory-users] Multi-Master Replication Problems

2007-03-06 Thread Ulf Weltman
Wendt, Trevor wrote: ## "The generation ID errors sound like real errors, but those should be resolvable with the correct replica re-initialization done." I've tried re-initializing the consumer multiple times with no success. The NSMMReplicationPlugin - replica_check_for_dat

Re: [Fedora-directory-users] How to detect if user password has expired?

2007-01-08 Thread Ulf Weltman
The expiration time is stored as the passwordexpirationtime attribute in generalized time format. You could search for users with an expiration time of less than the current time, like "(passwordexpirationtime<=2007010819Z)". Ulf Ankur Agarwal wrote: Hi, Is there any in-built attribut

Re: [Fedora-directory-users] FDS dies on SSL - How do I rescue installation?

2007-01-02 Thread Ulf Weltman
Ian Holroyd wrote: I have been setting up Fedora Directory Server for use with Samba PDC etc. I had most aspects of this working, with SSL transport operating correctly, having followed the HowTo. However, I have now restarted whole system and the start-slapd will not work, generating the follow

Re: [Fedora-directory-users] Password lockout and Account inactivation

2006-12-26 Thread Ulf Weltman
Ankur Agarwal wrote: Hi, In my application I need to implement password lockout (after 3 unsuccessful attempts) and account inactivation by admin. I am using Weblogic security provider for authenticating my users residing in redhat LDAP. I have 2 questions: 1) Using directory management co

Re: [Fedora-directory-users] Persistent MMR problems

2006-12-22 Thread Ulf Weltman
Does it definitely replicate a few changes correctly before the problem starts? It reminds me of a problem that used to occur with an earlier 6.21 release, but in that case the first change would not be replicated (changelog empty with no anchor at the head of the list), and the second would p

Re: [Fedora-directory-users] Authentication through Active Directory

2006-11-28 Thread Ulf Weltman
David Boreham wrote: Joerg Schoppet wrote: I'm in an account of a bigger company, which uses Microsoft Active Directory for User Management and Authentication. Now we need to save some additional information for a subset of all employees, but the AD-Administrators do not want to include the r

Re: [Fedora-directory-users] Script after update operation

2006-09-13 Thread Ulf Weltman
Radek Hladik wrote: Richard Megginson wrote: Radek Hladik wrote: Hi all, I would like to execute script after every update operation on specified subtree. I would like to know whether there is any best practice solution. I've found out I can write really simple post-operation pl

Re: [Fedora-directory-users] File descriptor problem

2006-06-19 Thread Ulf Weltman
Hello Patrick. Check nsslapd-descriptors and nsslapd-conntablesize in dse.ldif. If the latter isn't present it'll be equal to either getdtablesize() (which is RLIMIT_NOFILE on Linux I think) or nsslapd-descriptors, whichever is lower. nsslapd-descriptors sets the soft limit on the ns-slapd p

Re: [Fedora-directory-users] PassSync only working one way

2006-06-14 Thread Ulf Weltman
UnicodePwd has to be little-endian unicode and with quotes around it. You can do something like... echo \"Secret12\" > pass.txt iconv -t UNICODELITTLE -o unicodepass.txt pass.txt And then base64 encode unicodepass.txt and use the result for unicodePwd value. I got the details from http://su

Re: [Fedora-directory-users] Hp_ux authentication

2006-02-10 Thread Ulf Weltman
Mike Jackson wrote: Bliss, Aaron wrote: We're running fds in our environment, and authenticating our linux servers to our directory servers; we have a couple of hp_ux boxes (11i) here and I would like to configure them to also authenticate to fds; is this possible? If so can you point me to so

Re: [Fedora-directory-users] Account lockout counters not replicating; how to unlock users?

2006-02-07 Thread Ulf Weltman
it to work for this case. The internal update that adds the PWP state didn't seem to get chained, only updates coming from external clients. Aaron -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ulf Weltman Sent: Tuesday, February 07, 2006

Re: [Fedora-directory-users] Account lockout counters not replicating; how to unlock users?

2006-02-07 Thread Ulf Weltman
Hello Aaron. Two separate things: I may have misunderstood your configuration, but nothing is replicated from a consumer to a master unless the consumer is actually configured as a hub with an agreement back to the supplier. You can use passthrough authentication trickery to cause binds to be

Re: [Fedora-directory-users] Chain On Update problem

2006-01-03 Thread Ulf Weltman
Richard Megginson wrote: ILoveJython wrote: I have read the document: Howto:ChainOnUpdate - Fedora Directory Server and have been unable to get it to work. When I attempt a write to the consumer it makes the change on the cons

Re: [Fedora-directory-users] reducing memory footprint?

2005-12-22 Thread Ulf Weltman
Hello George and Gerald. I'm afraid the tuning guide won't help much with reducing memory footprint, it focuses on increasing performance which involves using more memory among other things! :) There is a document for the NSDS 7.0 which is not far from the FDS 1.0 codebase if you're still inte

Re: [Fedora-directory-users] Require SSL/TLS Only Connections

2005-11-22 Thread Ulf Weltman
Hello Thomas. You can disable the plain LDAP port by setting nsslapd-port to 0 in dse.ldif. The errors log should say that the non-secure port is disabled when you start up again. I don't think there's a way to get the server to require successful start-TLS on the plain port before accepting