Fedora directory users - Dec 2006 - RE: Fedora-directory-users Digest, Vol 19, Issue 3

>From: fedora-directory-users-request@redhat.com
>Reply-To: fedora-directory-users@redhat.com
>To: fedora-directory-users@redhat.com
>Subject: Fedora-directory-users Digest, Vol 19, Issue 3
>Date: Sat,  2 Dec 2006 12:00:05 -0500 (EST)
>
>Send Fedora-directory-users mailing list submissions to
>	fedora-directory-users@redhat.com
>
>To subscribe or unsubscribe via the World Wide Web, visit
>	https://www.redhat.com/mailman/listinfo/fedora-directory-users
>or, via email, send a message with subject or body ''help''
to
>	fedora-directory-users-request@redhat.com
>
>You can reach the person managing the list at
>	fedora-directory-users-owner@redhat.com
>
>When replying, please edit your Subject line so it is more specific
>than "Re: Contents of Fedora-directory-users digest..."
>
>
>Today''s Topics:
>
>    1. Re: RE: Fedora-directory-users Digest, Vol	19,	Issue 1
>       (Richard Megginson)
>    2. Re: AD + FDS sync stops working? (To Ngan)
>    3. Re: Memory usage (koniczynek)
>
>
>----------------------------------------------------------------------
>
>Message: 1
>Date: Fri, 01 Dec 2006 12:55:24 -0700
>From: Richard Megginson <rmeggins@redhat.com>
>Subject: Re: [Fedora-directory-users] RE: Fedora-directory-users
>	Digest, Vol	19,	Issue 1
>To: "General discussion list for the Fedora Directory server
project."
>	<fedora-directory-users@redhat.com>
>Message-ID: <457088AC.1030004@redhat.com>
>Content-Type: text/plain; charset="iso-8859-1"
>
>t b wrote:
> > My logs seem to indicate that the connection is being encrypted; I can
> > ssh to a client server and get the password prompt, but when I enter
> > the password it just returns me to the password prompt again
> >
> > [01/Dec/2006:19:47:44 -0500] conn=650 fd=69 slot=69 connection from
> > xxx.xxx.xxx.xxx to xxx.xxx.xxx.xxx
> > [01/Dec/2006:19:47:44 -0500] conn=650 op=0 EXT
> > oid="1.3.6.1.4.1.1466.20037" name="startTLS"
> > [01/Dec/2006:19:47:44 -0500] conn=650 op=0 RESULT err=0 tag=120
> > nentries=0 etime=0
> > [01/Dec/2006:19:47:44 -0500] conn=650 SSL 256-bit AES
>All of this means the client was able to successfully perform the
>startTLS extended operation and start using SSL.
> > [01/Dec/2006:19:47:44 -0500] conn=650 op=1 UNBIND
> > [01/Dec/2006:19:47:44 -0500] conn=650 op=1 fd=69 closed - U1
>The UNBIND means the client had a problem and closed the connection.
>Does the client print any errors?  Are there any messages in the server
>error log?
On the client server it show,

sshd[24149]: Failed password for invalid user xxxxx from xxx.xxx.xxx.xxx 
port xxx ssh2








> >
> > If I disable TLS everything works fine, the client server can query
> > the FDS and auth the client properly
> >
> > I am not sure if the problem has to do with the pam_ldap not properly
> > formatted or the cert file not in proper format
> >
> > Does anyone have an example of what the pam_ldap config should look
> > like? or suggestions on checking whether the cert file is in proper
> > format
>I''m not sure.  PAM needs the ca cert of the CA that issued the
directory
>server server cert.  See
>http://directory.fedora.redhat.com/wiki/Howto:SSL for more information.
> >
That was the info I used to do the SSL setup, but I only see a part of the 
log output they indicated,

Their logs,

[18/Jul/2005:20:33:36 -0400] conn=4 op=0 EXT
oid="1.3.6.1.4.1.1466.20037"
name="startTLS"
[18/Jul/2005:20:33:36 -0400] conn=4 op=0 RESULT err=0 tag=120 nentries=0 
etime=0
[18/Jul/2005:20:33:36 -0400] conn=4 SSL 256-bit AES
[18/Jul/2005:20:33:36 -0400] conn=4 op=1 BIND dn="" method=128
version=3
[18/Jul/2005:20:33:36 -0400] conn=4 op=1 RESULT err=0 tag=97 nentries=0 
etime=0 dn=""
[18/Jul/2005:20:33:36 -0400] conn=4 op=2 SRCH base="dc=example,dc=com"
scope=2 filter="(uid=testuser)" attrs=ALL

My Logs,

[04/Dec/2006:14:35:52 -0500] conn=757 op=0 EXT
oid="1.3.6.1.4.1.1466.20037"
name="startTLS"
[04/Dec/2006:14:35:52 -0500] conn=757 op=0 RESULT err=0 tag=120 nentries=0 
etime=0
[04/Dec/2006:14:35:52 -0500] conn=757 SSL 256-bit AES
[04/Dec/2006:14:35:52 -0500] conn=757 op=1 UNBIND
[04/Dec/2006:14:35:52 -0500] conn=757 op=1 fd=71 closed - U1

For some reason my setup dies just before querying the FDS to determine user 
details

Do you know of any tests that I can run just on the client server to 
determine proper confuguration?




> > Also what''s the UNBIND shown in the logs?
> >
> > Thanks
> >
> >> From: fedora-directory-users-request@redhat.com
> >> Reply-To: fedora-directory-users@redhat.com
> >> To: fedora-directory-users@redhat.com
> >> Subject: Fedora-directory-users Digest, Vol 19, Issue 1
> >> Date: Fri,  1 Dec 2006 12:00:06 -0500 (EST)
> >>
> >> Send Fedora-directory-users mailing list submissions to
> >>     fedora-directory-users@redhat.com
> >>
> >> To subscribe or unsubscribe via the World Wide Web, visit
> >>     https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >> or, via email, send a message with subject or body
''help'' to
> >>     fedora-directory-users-request@redhat.com
> >>
> >> You can reach the person managing the list at
> >>     fedora-directory-users-owner@redhat.com
> >>
> >> When replying, please edit your Subject line so it is more
specific
> >> than "Re: Contents of Fedora-directory-users digest..."
> >>
> >>
> >> Today''s Topics:
> >>
> >>    1. pam_ldap with SSL/TLS (t b)
> >>    2. RE: pam_ldap with SSL/TLS (Morris, Patrick)
> >>    3. Re: pam_ldap with SSL/TLS (Richard Megginson)
> >>    4. Problem with SSL console in X in specific    circumstances
> >>       (Philip Kime)
> >>    5. FW: [Fedora-directory-users] Extracting details from
> >>       ActiveDirectoryto FDS (Paxton, Darren)
> >>    6. alias in fedora directory server (patrick ndjientcheu
ngandjui)
> >>    7. Re: FW: [Fedora-directory-users] Extracting details    from
> >>       ActiveDirectoryto FDS (Nicholas Byrne)
> >>    8. Re: Memory usage (koniczynek)
> >>    9. Re: Memory usage (David Boreham)
> >>   10. Re: Memory usage (koniczynek)
> >>
> >>
> >>
----------------------------------------------------------------------
> >>
> >> Message: 1
> >> Date: Thu, 30 Nov 2006 12:31:50 -0500
> >> From: "t b" <mxheadroom@hotmail.com>
> >> Subject: [Fedora-directory-users] pam_ldap with SSL/TLS
> >> To: fedora-directory-users@redhat.com
> >> Message-ID: <BAY116-F322745E96D702ED748B1D0CDDB0@phx.gbl>
> >> Content-Type: text/plain; format=flowed
> >>
> >> I am trying to setup pam_ldap to use TLS to communicate with the
FDS,
> >> but
> >> having lots of problems doing so; it works if I use the
unencrypted
> >> way but
> >> not if I use ldaps ( port 636 )
> >>
> >> I used the instructions at,
> >> http://directory.fedora.redhat.com/wiki/Howto:PAM
> >>
> >> Has anyone gotten PAM to work TLS
> >>
> >>
> >> Thanks
> >>
> >> _________________________________________________________________
> >> Buy, Load, Play. The new Sympatico / MSN Music Store works
seamlessly
> >> with
> >> Windows Media Player. Just Click PLAY.
> >> 
>http://musicstore.sympatico.msn.ca/content/viewer.aspx?cid=SMS_Sept192006
> >>
> >>
> >>
> >>
> >> ------------------------------
> >>
> >> Message: 2
> >> Date: Thu, 30 Nov 2006 13:00:56 -0500
> >> From: "Morris, Patrick" <patrick.morris@hp.com>
> >> Subject: RE: [Fedora-directory-users] pam_ldap with SSL/TLS
> >> To: "General discussion list for the Fedora Directory server
project."
> >>     <fedora-directory-users@redhat.com>
> >> Message-ID:
> >>     
><CD18C81835E18A40A64C4A0D16A237BE05FE850D@ATAEXC01.americas.cpqcorp.net>
> >>
> >>
> >> Content-Type: text/plain;    charset="US-ASCII"
> >>
> >> > I am trying to setup pam_ldap to use TLS to communicate with
> >> > the FDS, but having lots of problems doing so; it works if I
> >> > use the unencrypted way but not if I use ldaps ( port 636 )
> >>
> >> Someone should jump in here and correct me if I''m wrong,
but I believe
> >> it''s normal for TLS connections to happen on the standard
LDAP port.
> >> You should be able to tell from your logs whether the connection
is
> >> encrypted or not.
> >>
> >>
> >>
> >> ------------------------------
> >>
> >> Message: 3
> >> Date: Thu, 30 Nov 2006 11:08:08 -0700
> >> From: Richard Megginson <rmeggins@redhat.com>
> >> Subject: Re: [Fedora-directory-users] pam_ldap with SSL/TLS
> >> To: "General discussion list for the Fedora Directory server
project."
> >>     <fedora-directory-users@redhat.com>
> >> Message-ID: <456F1E08.40601@redhat.com>
> >> Content-Type: text/plain; charset="iso-8859-1"
> >>
> >> Morris, Patrick wrote:
> >> >> I am trying to setup pam_ldap to use TLS to communicate
with
> >> >> the FDS, but having lots of problems doing so; it works
if I
> >> >> use the unencrypted way but not if I use ldaps ( port 636
)
> >> >>
> >> >
> >> > Someone should jump in here and correct me if I''m
wrong, but I
>believe
> >> > it''s normal for TLS connections to happen on the
standard LDAP port.
> >> > You should be able to tell from your logs whether the
connection is
> >> > encrypted or not.
> >> >
> >> Yes.  The LDAP "preferred" way is to use the startTLS
extended
>operation
> >> which starts a TLS session on the non-secure port.  This will be
logged
> >> in the access log.
> >> > --
> >> > Fedora-directory-users mailing list
> >> > Fedora-directory-users@redhat.com
> >> >
https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >> >
> >> -------------- next part --------------
> >> A non-text attachment was scrubbed...
> >> Name: smime.p7s
> >> Type: application/x-pkcs7-signature
> >> Size: 3178 bytes
> >> Desc: S/MIME Cryptographic Signature
> >> Url :
> >> 
>https://www.redhat.com/archives/fedora-directory-users/attachments/20061130/0634e78a/smime.bin
> >>
> >>
> >> ------------------------------
> >>
> >> Message: 4
> >> Date: Thu, 30 Nov 2006 18:02:55 -0800
> >> From: "Philip Kime" <pkime@Shopzilla.com>
> >> Subject: [Fedora-directory-users] Problem with SSL console in X in
> >>     specific    circumstances
> >> To: <fedora-directory-users@redhat.com>
> >> Message-ID:
> >>    
<9C0091F428E697439E7A773FFD083427435BE3@szexchange.Shopzilla.inc>
> >> Content-Type: text/plain; charset="us-ascii"
> >>
> >> Here''s the problem:
> >>
> >> Running startconsole (SSL) to a remote display on a PC X-server 
>(xwin32)
> >> works fine and requires that my windows home dir on the PC
X-server
> >> machine has .fedora-console/ containing cert8.db and key3.db, as
you''d
> >> expect. If I rename this dir, the console hangs at the splash
screen.
>So
> >> far, so good, all makes sense.
> >>
> >> If I try the same thing to cygwin''s X server on same
machine or to an X
> >> server on a Mac running OSX, startconsole always hangs as if it
can''t
> >> find ~/.fedora-console on the local machine. I''ve tried
copying this
>dir
> >> to what cygwin/OSX thinks is the user''s home dir but no
luck. Where
> >> should I put the Cert db files under "real" UNIX X to
get the SSL
> >> console to work? Also tried ~/.mmc as per the docs but I could
never
>get
> >> this to work.
> >>
> >> PK
> >>
> >> --
> >> Philip Kime
> >> NOPS Systems Architect
> >> 310 401 0407
> >>
> >> -------------- next part --------------
> >> An HTML attachment was scrubbed...
> >> URL:
> >> 
>https://www.redhat.com/archives/fedora-directory-users/attachments/20061130/054ecbd6/attachment.html
> >>
> >>
> >> ------------------------------
> >>
> >> Message: 5
> >> Date: Fri, 1 Dec 2006 08:04:30 -0000
> >> From: "Paxton, Darren" <Darren.Paxton@mercer.com>
> >> Subject: FW: [Fedora-directory-users] Extracting details from
> >>     ActiveDirectoryto FDS
> >> To: <Fedora-directory-users@redhat.com>
> >> Message-ID:
> >>    
<52F7C07B119CF4439B7EFBFE0FB3256B027CBD02@eidwpexms06.mercer.com>
> >> Content-Type: text/plain; charset="us-ascii"
> >>
> >> Skipped content of type multipart/alternative-------------- next
part
> >> --------------
> >> --
> >> Fedora-directory-users mailing list
> >> Fedora-directory-users@redhat.com
> >> https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >>
> >> ------------------------------
> >>
> >> Message: 6
> >> Date: Fri, 1 Dec 2006 08:10:42 +0000 (GMT)
> >> From: patrick ndjientcheu ngandjui <tchen_pat@yahoo.fr>
> >> Subject: [Fedora-directory-users] alias in fedora directory server
> >> To: Fedora-directory-users@redhat.com
> >> Message-ID:
<20061201081042.78578.qmail@web25801.mail.ukl.yahoo.com>
> >> Content-Type: text/plain; charset="iso-8859-1"
> >>
> >> Hi,
> >> I would like to know how to use alias in fedora directory
server.It
> >> seems that it is used for point to another entry in the
directory,but
> >> i don''t know how to use this feature.May someone helps me
on this
> >> issue? I would really appreciate an example.
> >>
> >> Thanks
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> 
>___________________________________________________________________________
> >>
> >> Découvrez une nouvelle façon d''obtenir des réponses à
toutes vos
> >> questions !
> >> Profitez des connaissances, des opinions et des expériences des
> >> internautes sur Yahoo! Questions/Réponses
> >> http://fr.answers.yahoo.com
> >> -------------- next part --------------
> >> An HTML attachment was scrubbed...
> >> URL:
> >> 
>https://www.redhat.com/archives/fedora-directory-users/attachments/20061201/0fa54e4f/attachment.html
> >>
> >>
> >> ------------------------------
> >>
> >> Message: 7
> >> Date: Fri, 01 Dec 2006 11:50:13 +0000
> >> From: Nicholas Byrne <nicholas.byrne@quadriga.com>
> >> Subject: Re: FW: [Fedora-directory-users] Extracting details   
from
> >>     ActiveDirectoryto FDS
> >> To: "General discussion list for the Fedora Directory server
project."
> >>     <fedora-directory-users@redhat.com>
> >> Message-ID: <457016F5.5030202@quadriga.com>
> >> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> >>
> >> Your messages got through - you can confirm by checking the
archives  -
> >> https://www.redhat.com/archives/fedora-directory-users/
> >>
> >> I''m a new user as well so i''m afraid i
can''t answer your question, but
> >> if you keep asking i''m sure someone will know!
> >> Nick
> >>
> >> Paxton, Darren wrote:
> >> > Apologies for mailing yet again, however either my messages
are not
> >> > getting through (something I don''t believe as I keep
getting the post
> >> > to the mailing list) - or for some reason, no one is willing
to even
> >> > acknowledge my issue.
> >> >
> >> > In the spirit of the community - can someone at least
acknowledge a
> >> > message as I find it quite disheartening that I have had no
replies
>at
> >> > all even if just to point me somewhere for assistance.
> >> >
> >> >
> >> 
>------------------------------------------------------------------------
> >> > *From:* fedora-directory-users-bounces@redhat.com
> >> > [mailto:fedora-directory-users-bounces@redhat.com] *On Behalf
Of
> >> > *Paxton, Darren
> >> > *Sent:* 30 November 2006 08:46
> >> > *To:* General discussion list for the Fedora Directory server
>project.
> >> > *Subject:* RE: [Fedora-directory-users] Extracting details
from
> >> > ActiveDirectoryto FDS
> >> >
> >> > Hi
> >> >
> >> > Has anyone had any thoughts on my query or can point me in
the right
> >> > direction?
> >> >
> >> > As is the nature of AD, I would have thought it is possible
to
>extract
> >> > this information using a scope setting or something similar.
> >> >
> >> > Thanks
> >> >
> >> > Darren
> >> >
> >> >
> >> 
>------------------------------------------------------------------------
> >> >     *From:* fedora-directory-users-bounces@redhat.com
> >> >     [mailto:fedora-directory-users-bounces@redhat.com] *On
Behalf Of
> >> >     *Paxton, Darren
> >> >     *Sent:* 24 November 2006 14:56
> >> >     *To:* fedora-directory-users@redhat.com
> >> >     *Subject:* [Fedora-directory-users] Extracting details
from
>Active
> >> >     Directoryto FDS
> >> >
> >> >     Hi all,
> >> >
> >> >     I''ve been tinkering with integrating our Linux
devices into our
>AD
> >> >     domain for some time and I''ve hit a few brick
walls, however I''ve
> >> >     recently discovered FDS and the synchronisation features
with AD.
> >> >
> >> >     I''ve managed to set up a few replication jobs,
however due to the
> >> >     extensive nature of our AD, I''ve realised that
the sync only
>takes
> >> >     the group and user objects from the OU or CN being
specified.
> >> >
> >> >     Is there any way I can specify that it should traverse
all
> >> >     subtrees of an OU and extract all that information back
into FDS?
> >> >
> >> >     Thanks
> >> >
> >> >     Darren
> >> >
> >> >     --
> >> >     Darren Paxton
> >> >     EMEA Tier2
> >> >     Red Hat Certified Engineer
> >> >     VMware Certified Professional
> >> >     MGTI Centralised ops
> >> >
> >> >
> >> > This e-mail and any attachments may be confidential or
legally
> >> > privileged.If you received this message in error or are not
the
> >> > intended recipient, you should destroy the email message and
any
> >> > attachments or copies, and you are prohibited from retaining,
> >> > distributing, disclosing or using any information contained
herein.
> >> > Please inform us of the erroneous delivery by return e-mail.
Thank
>you
> >> > for your co-operation.
> >> >
> >> > Mercer Human Resource Consulting Limited is authorised and
regulated
> >> > by the Financial Services Authority. Registered in England
No.
>984275.
> >> > Registered Office: 1 Tower Place West, Tower Place, London,
EC3R 5BU.
> >> >
> >> >
> >> 
>------------------------------------------------------------------------
> >> >
> >> > --
> >> > Fedora-directory-users mailing list
> >> > Fedora-directory-users@redhat.com
> >> >
https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >> >
> >> >
> >> 
>------------------------------------------------------------------------
> >> >
> >> > --
> >> > Fedora-directory-users mailing list
> >> > Fedora-directory-users@redhat.com
> >> >
https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >> >
> >>
> >>
> >>
> >> This e-mail is the property of Quadriga Worldwide Ltd, intended
for
> >> the addressee only and confidential.  Any dissemination, copying
or
> >> distribution of this message or any attachments is strictly
prohibited.
> >>
> >> If you have received this message in error, please notify us
> >> immediately by replying to the message and deleting it from your
> >> computer.
> >>
> >> Messages sent to and from Quadriga may be monitored.
> >>
> >> Quadriga cannot guarantee any message delivery method is secure or
> >> error-free.  Information could be intercepted, corrupted, lost,
> >> destroyed, arrive late or incomplete, or contain viruses.
> >>
> >> We do not accept responsibility for any errors or omissions in
this
> >> message and/or attachment that arise as a result of transmission.
> >>
> >> You should carry out your own virus checks before opening any
> >> attachment.
> >>
> >> Any views or opinions presented are solely those of the author and
do
> >> not necessarily represent those of Quadriga.
> >>
> >>
> >>
> >> ------------------------------
> >>
> >> Message: 8
> >> Date: Fri, 01 Dec 2006 16:45:28 +0100
> >> From: koniczynek <koniczynek@uaznia.net>
> >> Subject: Re: [Fedora-directory-users] Memory usage
> >> To: "General discussion list for the Fedora Directory server
project."
> >>     <fedora-directory-users@redhat.com>
> >> Message-ID: <45704E18.3070705@uaznia.net>
> >> Content-Type: text/plain; charset=ISO-8859-2; format=flowed
> >>
> >> Richard Megginson napisa³(a):
> >> > This is an excellent cache/memory tuning document from a Sun 
>employee,
> >> > primarily targeted to Sun DS users, but almost all of the
> >> information is
> >> > relevant to Fedora DS (since they share a common lineage).
> >> >
> >> > http://www.directorymanager.org/blogs/ds_cache_sizing.pdf
> >> Lets say I heven''t got much time lately so without
thinking I''ve
>changed
> >> in dse.ldif
> >> nsslapd-import-cache-autosize from -1 to 1 and after restarting
I''ve
> >> started to receive errors like: "3 Time limit exceeded"
Someone do know
> >> what to do? ;)
> >>
> >> --
> >> xmpp/email: koniczynek@uaznia.net
> >> xmpp/email: koniczynek@gmail.com
> >>
> >>
> >>
> >> ------------------------------
> >>
> >> Message: 9
> >> Date: Fri, 01 Dec 2006 09:15:14 -0700
> >> From: David Boreham <david_list@boreham.org>
> >> Subject: Re: [Fedora-directory-users] Memory usage
> >> To: "General discussion list for the Fedora Directory server
project."
> >>     <fedora-directory-users@redhat.com>
> >> Message-ID: <45705512.4070808@boreham.org>
> >> Content-Type: text/plain; charset=ISO-8859-2; format=flowed
> >>
> >> koniczynek wrote:
> >>
> >> > Richard Megginson napisa³(a):
> >> >
> >> >> This is an excellent cache/memory tuning document from a
Sun
> >> >> employee, primarily targeted to Sun DS users, but almost
all of the
> >> >> information is relevant to Fedora DS (since they share a
common
> >> >> lineage).
> >> >>
> >> >> http://www.directorymanager.org/blogs/ds_cache_sizing.pdf
> >> >
> >> > Lets say I heven''t got much time lately so without
thinking I''ve
> >> > changed in dse.ldif
> >> > nsslapd-import-cache-autosize from -1 to 1 and after
restarting I''ve
> >> > started to receive errors like: "3 Time limit
exceeded" Someone do
> >> > know what to do? ;)
> >> >
> >> Change it back ?
> >>
> >>
> >>
> >>
> >>
> >> ------------------------------
> >>
> >> Message: 10
> >> Date: Fri, 01 Dec 2006 17:53:22 +0100
> >> From: koniczynek <koniczynek@uaznia.net>
> >> Subject: Re: [Fedora-directory-users] Memory usage
> >> To: "General discussion list for the Fedora Directory server
project."
> >>     <fedora-directory-users@redhat.com>
> >> Message-ID: <45705E02.7020709@uaznia.net>
> >> Content-Type: text/plain; charset=ISO-8859-2
> >>
> >> David Boreham, dnia 2006-12-01 17:15 napisal:
> >> >> Lets say I heven''t got much time lately so
without thinking I''ve
> >> >> changed in dse.ldif
> >> >> nsslapd-import-cache-autosize from -1 to 1 and after
restarting I''ve
> >> >> started to receive errors like: "3 Time limit
exceeded" Someone do
> >> >> know what to do? ;)
> >> > Change it back ?
> >> man, please, show some respect ;) I did change it back, but to no 
>avail.
> >> Also I can say (to stop further questions): yes, I''ve
stopped the
>server
> >> before change.
> >>
> >> --
> >> email/xmpp: koniczynek@uaznia.net
> >>
> >>
> >>
> >> ------------------------------
> >>
> >> --
> >> Fedora-directory-users mailing list
> >> Fedora-directory-users@redhat.com
> >> https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >>
> >>
> >> End of Fedora-directory-users Digest, Vol 19, Issue 1
> >> *****************************************************
> >
> > _________________________________________________________________
> > Off to school, going on a trip, or moving? Windows Live (MSN)
> > Messenger lets you stay in touch with friends and family wherever you
> > go. Click here to find out how to sign up!
> > http://www.telusmobility.com/msnxbox/
> >
> > --
> > Fedora-directory-users mailing list
> > Fedora-directory-users@redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
>-------------- next part --------------
>A non-text attachment was scrubbed...
>Name: smime.p7s
>Type: application/x-pkcs7-signature
>Size: 3178 bytes
>Desc: S/MIME Cryptographic Signature
>Url : 
>https://www.redhat.com/archives/fedora-directory-users/attachments/20061201/7d15c5b4/smime.bin
>
>------------------------------
>
>Message: 2
>Date: Fri, 01 Dec 2006 15:23:28 -0800
>From: To Ngan <tngan@redhat.com>
>Subject: Re: [Fedora-directory-users] AD + FDS sync stops working?
>To: "General discussion list for the Fedora Directory server
project."
>	<fedora-directory-users@redhat.com>
>Message-ID: <4570B970.3070901@redhat.com>
>Content-Type: text/plain; charset="windows-1252"
>
>Dan Oglesby wrote:
> > I tried the following:
> >
> > In windows registry->HKLM->Software->PasswordSync, try add
string value
>“Log
> > Level” and set it to “1”.  Restart the passsync service.  This should 
>log
> > all transactions and errors.  Turn this back to "0" and
restart passsync
> > after troubleshooting.
> >
> > All I see in the log is this:
> >
> > 11/30/06 09:12:58: begin log
> > 11/30/06 09:12:59: 0 new entries loaded from file
> > 11/30/06 09:14:20: 0 new entries loaded from file
> > 11/30/06 09:14:20: 0 entries saved to file
> > 11/30/06 09:14:20: end log
> > 11/30/06 09:14:22: begin log
> > 11/30/06 09:14:22: 0 new entries loaded from file
> >
> > That’s after restarting the passsync service twice, and changing a 
>user’s
> > password in AD four times.
> >
>
>Hmm... 2 Windows sync stopped working together after 6 months. Any cert
>on AD or DS side expired?
>--
>toto
>
>-------------- next part --------------
>A non-text attachment was scrubbed...
>Name: smime.p7s
>Type: application/x-pkcs7-signature
>Size: 3233 bytes
>Desc: S/MIME Cryptographic Signature
>Url : 
>https://www.redhat.com/archives/fedora-directory-users/attachments/20061201/b9f1ea83/smime.bin
>
>------------------------------
>
>Message: 3
>Date: Sat, 02 Dec 2006 09:28:17 +0100
>From: koniczynek <koniczynek@uaznia.net>
>Subject: Re: [Fedora-directory-users] Memory usage
>To: "General discussion list for the Fedora Directory server
project."
>	<fedora-directory-users@redhat.com>
>Message-ID: <45713921.1080009@uaznia.net>
>Content-Type: text/plain; charset=ISO-8859-2
>
>Richard Megginson, dnia 2006-12-01 18:00 napisal:
> >> man, please, show some respect ;) I did change it back, but to no 
>avail.
> >> Also I can say (to stop further questions): yes, I''ve
stopped the
>server
> >> before change.
> >>
> > What types of searches are returning time limit exceeded?  Can you
post
> > relevant excerpts from the access and error logs?
>I''m "benchmarking" my FDS with "ldapsearch -x"
and earlier it worked and
>now it does not. In error logs there were "err=3" but I
don''t remember
>much more and I''ll have access to the logs on Monday, so till then,
only
>  I can provide only this information (because I do not remember anything
>more ;) )
>
>--
>email/xmpp: koniczynek@uaznia.net
>
>
>
>------------------------------
>
>--
>Fedora-directory-users mailing list
>Fedora-directory-users@redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
>End of Fedora-directory-users Digest, Vol 19, Issue 3
>*****************************************************
_________________________________________________________________
Off to school, going on a trip, or moving? Windows Live (MSN) Messenger lets 
you stay in touch with friends and family wherever you go. Click here to 
find out how to sign up!  http://www.telusmobility.com/msnxbox/

OMG please remove necessary information from the post, because now it''s
hard to find what you wrote! And this happens in all of your posts ;) so
please, for the clarity and for the future use (mailing list archive) ;)

Richard Megginson, dnia 2006-12-05 16:19 napisal:
> t b wrote:
>>> From: fedora-directory-users-request@redhat.com
>>> Reply-To: fedora-directory-users@redhat.com
>>> To: fedora-directory-users@redhat.com
>>> Subject: Fedora-directory-users Digest, Vol 19, Issue 3
>>> Date: Sat, 2 Dec 2006 12:00:05 -0500 (EST)
>>>
>>> Send Fedora-directory-users mailing list submissions to
>>> fedora-directory-users@redhat.com
>>>
>>> To subscribe or unsubscribe via the World Wide Web, visit
>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>> or, via email, send a message with subject or body
''help'' to
>>> fedora-directory-users-request@redhat.com
>>>
>>> You can reach the person managing the list at
>>> fedora-directory-users-owner@redhat.com
>>>
>>> When replying, please edit your Subject line so it is more specific
>>> than "Re: Contents of Fedora-directory-users digest..."
>>>
>>>
>>> Today''s Topics:
>>>
>>> 1. Re: RE: Fedora-directory-users Digest, Vol 19, Issue 1
>>> (Richard Megginson)
>>> 2. Re: AD + FDS sync stops working? (To Ngan)
>>> 3. Re: Memory usage (koniczynek)
>>>
>>>
>>>
----------------------------------------------------------------------
>>>
>>> Message: 1
>>> Date: Fri, 01 Dec 2006 12:55:24 -0700
>>> From: Richard Megginson <rmeggins@redhat.com>
>>> Subject: Re: [Fedora-directory-users] RE: Fedora-directory-users
>>> Digest, Vol 19, Issue 1
>>> To: "General discussion list for the Fedora Directory server
project."
>>> <fedora-directory-users@redhat.com>
>>> Message-ID: <457088AC.1030004@redhat.com>
>>> Content-Type: text/plain; charset="iso-8859-1"
>>>
>>> t b wrote:
>>> > My logs seem to indicate that the connection is being
encrypted; I can
>>> > ssh to a client server and get the password prompt, but when I
enter
>>> > the password it just returns me to the password prompt again
>>> >
>>> > [01/Dec/2006:19:47:44 -0500] conn=650 fd=69 slot=69 connection
from
>>> > xxx.xxx.xxx.xxx to xxx.xxx.xxx.xxx
>>> > [01/Dec/2006:19:47:44 -0500] conn=650 op=0 EXT
>>> > oid="1.3.6.1.4.1.1466.20037"
name="startTLS"
>>> > [01/Dec/2006:19:47:44 -0500] conn=650 op=0 RESULT err=0
tag=120
>>> > nentries=0 etime=0
>>> > [01/Dec/2006:19:47:44 -0500] conn=650 SSL 256-bit AES
>>> All of this means the client was able to successfully perform the
>>> startTLS extended operation and start using SSL.
>>> > [01/Dec/2006:19:47:44 -0500] conn=650 op=1 UNBIND
>>> > [01/Dec/2006:19:47:44 -0500] conn=650 op=1 fd=69 closed - U1
>>> The UNBIND means the client had a problem and closed the
connection.
>>> Does the client print any errors? Are there any messages in the
server
>>> error log?
>>
>> On the client server it show,
>>
>> sshd[24149]: Failed password for invalid user xxxxx from
>> xxx.xxx.xxx.xxx port xxx ssh2
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>> >
>>> > If I disable TLS everything works fine, the client server can
query
>>> > the FDS and auth the client properly
>>> >
>>> > I am not sure if the problem has to do with the pam_ldap not
properly
>>> > formatted or the cert file not in proper format
>>> >
>>> > Does anyone have an example of what the pam_ldap config should
look
>>> > like? or suggestions on checking whether the cert file is in
proper
>>> > format
>>> I''m not sure. PAM needs the ca cert of the CA that issued
the directory
>>> server server cert. See
>>> http://directory.fedora.redhat.com/wiki/Howto:SSL for more
information.
>>> >
>>
>> That was the info I used to do the SSL setup, but I only see a part of
>> the log output they indicated,
>>
>> Their logs,
>>
>> [18/Jul/2005:20:33:36 -0400] conn=4 op=0 EXT
>> oid="1.3.6.1.4.1.1466.20037" name="startTLS"
>> [18/Jul/2005:20:33:36 -0400] conn=4 op=0 RESULT err=0 tag=120
>> nentries=0 etime=0
>> [18/Jul/2005:20:33:36 -0400] conn=4 SSL 256-bit AES
>> [18/Jul/2005:20:33:36 -0400] conn=4 op=1 BIND dn=""
method=128 version=3
>> [18/Jul/2005:20:33:36 -0400] conn=4 op=1 RESULT err=0 tag=97
>> nentries=0 etime=0 dn=""
>> [18/Jul/2005:20:33:36 -0400] conn=4 op=2 SRCH
base="dc=example,dc=com"
>> scope=2 filter="(uid=testuser)" attrs=ALL
>>
>> My Logs,
>>
>> [04/Dec/2006:14:35:52 -0500] conn=757 op=0 EXT
>> oid="1.3.6.1.4.1.1466.20037" name="startTLS"
>> [04/Dec/2006:14:35:52 -0500] conn=757 op=0 RESULT err=0 tag=120
>> nentries=0 etime=0
>> [04/Dec/2006:14:35:52 -0500] conn=757 SSL 256-bit AES
>> [04/Dec/2006:14:35:52 -0500] conn=757 op=1 UNBIND
>> [04/Dec/2006:14:35:52 -0500] conn=757 op=1 fd=71 closed - U1
>>
>> For some reason my setup dies just before querying the FDS to
>> determine user details
>>
>> Do you know of any tests that I can run just on the client server to
>> determine proper confuguration?
> Firstly, try /usr/bin/ldapsearch to see if you can use startTLS and bind
> as your user.
>>
>>
>>
>>
>>
>>> > Also what''s the UNBIND shown in the logs?
>>> >
>>> > Thanks
>>> >
>>> >> From: fedora-directory-users-request@redhat.com
>>> >> Reply-To: fedora-directory-users@redhat.com
>>> >> To: fedora-directory-users@redhat.com
>>> >> Subject: Fedora-directory-users Digest, Vol 19, Issue 1
>>> >> Date: Fri, 1 Dec 2006 12:00:06 -0500 (EST)
>>> >>
>>> >> Send Fedora-directory-users mailing list submissions to
>>> >> fedora-directory-users@redhat.com
>>> >>
>>> >> To subscribe or unsubscribe via the World Wide Web, visit
>>> >>
https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>> >> or, via email, send a message with subject or body
''help'' to
>>> >> fedora-directory-users-request@redhat.com
>>> >>
>>> >> You can reach the person managing the list at
>>> >> fedora-directory-users-owner@redhat.com
>>> >>
>>> >> When replying, please edit your Subject line so it is more
specific
>>> >> than "Re: Contents of Fedora-directory-users
digest..."
>>> >>
>>> >>
>>> >> Today''s Topics:
>>> >>
>>> >> 1. pam_ldap with SSL/TLS (t b)
>>> >> 2. RE: pam_ldap with SSL/TLS (Morris, Patrick)
>>> >> 3. Re: pam_ldap with SSL/TLS (Richard Megginson)
>>> >> 4. Problem with SSL console in X in specific circumstances
>>> >> (Philip Kime)
>>> >> 5. FW: [Fedora-directory-users] Extracting details from
>>> >> ActiveDirectoryto FDS (Paxton, Darren)
>>> >> 6. alias in fedora directory server (patrick ndjientcheu
ngandjui)
>>> >> 7. Re: FW: [Fedora-directory-users] Extracting details
from
>>> >> ActiveDirectoryto FDS (Nicholas Byrne)
>>> >> 8. Re: Memory usage (koniczynek)
>>> >> 9. Re: Memory usage (David Boreham)
>>> >> 10. Re: Memory usage (koniczynek)
>>> >>
>>> >>
>>> >>
>>>
----------------------------------------------------------------------
>>> >>
>>> >> Message: 1
>>> >> Date: Thu, 30 Nov 2006 12:31:50 -0500
>>> >> From: "t b" <mxheadroom@hotmail.com>
>>> >> Subject: [Fedora-directory-users] pam_ldap with SSL/TLS
>>> >> To: fedora-directory-users@redhat.com
>>> >> Message-ID:
<BAY116-F322745E96D702ED748B1D0CDDB0@phx.gbl>
>>> >> Content-Type: text/plain; format=flowed
>>> >>
>>> >> I am trying to setup pam_ldap to use TLS to communicate
with the FDS,
>>> >> but
>>> >> having lots of problems doing so; it works if I use the
unencrypted
>>> >> way but
>>> >> not if I use ldaps ( port 636 )
>>> >>
>>> >> I used the instructions at,
>>> >> http://directory.fedora.redhat.com/wiki/Howto:PAM
>>> >>
>>> >> Has anyone gotten PAM to work TLS
>>> >>
>>> >>
>>> >> Thanks
>>> >>
>>> >>
_________________________________________________________________
>>> >> Buy, Load, Play. The new Sympatico / MSN Music Store works
seamlessly
>>> >> with
>>> >> Windows Media Player. Just Click PLAY.
>>> >>
>>>
http://musicstore.sympatico.msn.ca/content/viewer.aspx?cid=SMS_Sept192006
>>>
>>> >>
>>> >>
>>> >>
>>> >>
>>> >> ------------------------------
>>> >>
>>> >> Message: 2
>>> >> Date: Thu, 30 Nov 2006 13:00:56 -0500
>>> >> From: "Morris, Patrick"
<patrick.morris@hp.com>
>>> >> Subject: RE: [Fedora-directory-users] pam_ldap with
SSL/TLS
>>> >> To: "General discussion list for the Fedora Directory
server
>>> project."
>>> >> <fedora-directory-users@redhat.com>
>>> >> Message-ID:
>>> >>
>>>
<CD18C81835E18A40A64C4A0D16A237BE05FE850D@ATAEXC01.americas.cpqcorp.net>
>>> >>
>>> >>
>>> >> Content-Type: text/plain; charset="US-ASCII"
>>> >>
>>> >> > I am trying to setup pam_ldap to use TLS to
communicate with
>>> >> > the FDS, but having lots of problems doing so; it
works if I
>>> >> > use the unencrypted way but not if I use ldaps ( port
636 )
>>> >>
>>> >> Someone should jump in here and correct me if I''m
wrong, but I
>>> believe
>>> >> it''s normal for TLS connections to happen on the
standard LDAP port.
>>> >> You should be able to tell from your logs whether the
connection is
>>> >> encrypted or not.
>>> >>
>>> >>
>>> >>
>>> >> ------------------------------
>>> >>
>>> >> Message: 3
>>> >> Date: Thu, 30 Nov 2006 11:08:08 -0700
>>> >> From: Richard Megginson <rmeggins@redhat.com>
>>> >> Subject: Re: [Fedora-directory-users] pam_ldap with
SSL/TLS
>>> >> To: "General discussion list for the Fedora Directory
server
>>> project."
>>> >> <fedora-directory-users@redhat.com>
>>> >> Message-ID: <456F1E08.40601@redhat.com>
>>> >> Content-Type: text/plain; charset="iso-8859-1"
>>> >>
>>> >> Morris, Patrick wrote:
>>> >> >> I am trying to setup pam_ldap to use TLS to
communicate with
>>> >> >> the FDS, but having lots of problems doing so; it
works if I
>>> >> >> use the unencrypted way but not if I use ldaps (
port 636 )
>>> >> >>
>>> >> >
>>> >> > Someone should jump in here and correct me if
I''m wrong, but I
>>> believe
>>> >> > it''s normal for TLS connections to happen on
the standard LDAP
>>> port.
>>> >> > You should be able to tell from your logs whether the
connection is
>>> >> > encrypted or not.
>>> >> >
>>> >> Yes. The LDAP "preferred" way is to use the
startTLS extended
>>> operation
>>> >> which starts a TLS session on the non-secure port. This
will be
>>> logged
>>> >> in the access log.
>>> >> > --
>>> >> > Fedora-directory-users mailing list
>>> >> > Fedora-directory-users@redhat.com
>>> >> >
https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>> >> >
>>> >> -------------- next part --------------
>>> >> A non-text attachment was scrubbed...
>>> >> Name: smime.p7s
>>> >> Type: application/x-pkcs7-signature
>>> >> Size: 3178 bytes
>>> >> Desc: S/MIME Cryptographic Signature
>>> >> Url :
>>> >>
>>>
https://www.redhat.com/archives/fedora-directory-users/attachments/20061130/0634e78a/smime.bin
>>>
>>> >>
>>> >>
>>> >> ------------------------------
>>> >>
>>> >> Message: 4
>>> >> Date: Thu, 30 Nov 2006 18:02:55 -0800
>>> >> From: "Philip Kime" <pkime@Shopzilla.com>
>>> >> Subject: [Fedora-directory-users] Problem with SSL console
in X in
>>> >> specific circumstances
>>> >> To: <fedora-directory-users@redhat.com>
>>> >> Message-ID:
>>> >>
<9C0091F428E697439E7A773FFD083427435BE3@szexchange.Shopzilla.inc>
>>> >> Content-Type: text/plain; charset="us-ascii"
>>> >>
>>> >> Here''s the problem:
>>> >>
>>> >> Running startconsole (SSL) to a remote display on a PC
X-server
>>> (xwin32)
>>> >> works fine and requires that my windows home dir on the PC
X-server
>>> >> machine has .fedora-console/ containing cert8.db and
key3.db, as
>>> you''d
>>> >> expect. If I rename this dir, the console hangs at the
splash
>>> screen. So
>>> >> far, so good, all makes sense.
>>> >>
>>> >> If I try the same thing to cygwin''s X server on
same machine or to
>>> an X
>>> >> server on a Mac running OSX, startconsole always hangs as
if it can''t
>>> >> find ~/.fedora-console on the local machine. I''ve
tried copying
>>> this dir
>>> >> to what cygwin/OSX thinks is the user''s home dir
but no luck. Where
>>> >> should I put the Cert db files under "real" UNIX
X to get the SSL
>>> >> console to work? Also tried ~/.mmc as per the docs but I
could
>>> never get
>>> >> this to work.
>>> >>
>>> >> PK
>>> >>
>>> >> --
>>> >> Philip Kime
>>> >> NOPS Systems Architect
>>> >> 310 401 0407
>>> >>
>>> >> -------------- next part --------------
>>> >> An HTML attachment was scrubbed...
>>> >> URL:
>>> >>
>>>
https://www.redhat.com/archives/fedora-directory-users/attachments/20061130/054ecbd6/attachment.html
>>>
>>> >>
>>> >>
>>> >> ------------------------------
>>> >>
>>> >> Message: 5
>>> >> Date: Fri, 1 Dec 2006 08:04:30 -0000
>>> >> From: "Paxton, Darren"
<Darren.Paxton@mercer.com>
>>> >> Subject: FW: [Fedora-directory-users] Extracting details
from
>>> >> ActiveDirectoryto FDS
>>> >> To: <Fedora-directory-users@redhat.com>
>>> >> Message-ID:
>>> >>
<52F7C07B119CF4439B7EFBFE0FB3256B027CBD02@eidwpexms06.mercer.com>
>>> >> Content-Type: text/plain; charset="us-ascii"
>>> >>
>>> >> Skipped content of type
multipart/alternative-------------- next part
>>> >> --------------
>>> >> --
>>> >> Fedora-directory-users mailing list
>>> >> Fedora-directory-users@redhat.com
>>> >>
https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>> >>
>>> >> ------------------------------
>>> >>
>>> >> Message: 6
>>> >> Date: Fri, 1 Dec 2006 08:10:42 +0000 (GMT)
>>> >> From: patrick ndjientcheu ngandjui
<tchen_pat@yahoo.fr>
>>> >> Subject: [Fedora-directory-users] alias in fedora
directory server
>>> >> To: Fedora-directory-users@redhat.com
>>> >> Message-ID:
<20061201081042.78578.qmail@web25801.mail.ukl.yahoo.com>
>>> >> Content-Type: text/plain; charset="iso-8859-1"
>>> >>
>>> >> Hi,
>>> >> I would like to know how to use alias in fedora directory
server.It
>>> >> seems that it is used for point to another entry in the
directory,but
>>> >> i don''t know how to use this feature.May someone
helps me on this
>>> >> issue? I would really appreciate an example.
>>> >>
>>> >> Thanks
>>> >>
>>> >>
>>> >>
>>> >>
>>> >>
>>> >>
>>> >>
>>> >>
>>> >>
>>>
___________________________________________________________________________
>>>
>>> >>
>>> >> Découvrez une nouvelle façon d''obtenir des
réponses à toutes vos
>>> >> questions !
>>> >> Profitez des connaissances, des opinions et des
expériences des
>>> >> internautes sur Yahoo! Questions/Réponses
>>> >> http://fr.answers.yahoo.com
>>> >> -------------- next part --------------
>>> >> An HTML attachment was scrubbed...
>>> >> URL:
>>> >>
>>>
https://www.redhat.com/archives/fedora-directory-users/attachments/20061201/0fa54e4f/attachment.html
>>>
>>> >>
>>> >>
>>> >> ------------------------------
>>> >>
>>> >> Message: 7
>>> >> Date: Fri, 01 Dec 2006 11:50:13 +0000
>>> >> From: Nicholas Byrne <nicholas.byrne@quadriga.com>
>>> >> Subject: Re: FW: [Fedora-directory-users] Extracting
details from
>>> >> ActiveDirectoryto FDS
>>> >> To: "General discussion list for the Fedora Directory
server
>>> project."
>>> >> <fedora-directory-users@redhat.com>
>>> >> Message-ID: <457016F5.5030202@quadriga.com>
>>> >> Content-Type: text/plain; charset=ISO-8859-1;
format=flowed
>>> >>
>>> >> Your messages got through - you can confirm by checking
the
>>> archives -
>>> >> https://www.redhat.com/archives/fedora-directory-users/
>>> >>
>>> >> I''m a new user as well so i''m afraid i
can''t answer your question,
>>> but
>>> >> if you keep asking i''m sure someone will know!
>>> >> Nick
>>> >>
>>> >> Paxton, Darren wrote:
>>> >> > Apologies for mailing yet again, however either my
messages are not
>>> >> > getting through (something I don''t believe
as I keep getting the
>>> post
>>> >> > to the mailing list) - or for some reason, no one is
willing to
>>> even
>>> >> > acknowledge my issue.
>>> >> >
>>> >> > In the spirit of the community - can someone at least
acknowledge a
>>> >> > message as I find it quite disheartening that I have
had no
>>> replies at
>>> >> > all even if just to point me somewhere for
assistance.
>>> >> >
>>> >> >
>>> >>
>>>
------------------------------------------------------------------------
>>> >> > *From:* fedora-directory-users-bounces@redhat.com
>>> >> > [mailto:fedora-directory-users-bounces@redhat.com]
*On Behalf Of
>>> >> > *Paxton, Darren
>>> >> > *Sent:* 30 November 2006 08:46
>>> >> > *To:* General discussion list for the Fedora
Directory server
>>> project.
>>> >> > *Subject:* RE: [Fedora-directory-users] Extracting
details from
>>> >> > ActiveDirectoryto FDS
>>> >> >
>>> >> > Hi
>>> >> >
>>> >> > Has anyone had any thoughts on my query or can point
me in the
>>> right
>>> >> > direction?
>>> >> >
>>> >> > As is the nature of AD, I would have thought it is
possible to
>>> extract
>>> >> > this information using a scope setting or something
similar.
>>> >> >
>>> >> > Thanks
>>> >> >
>>> >> > Darren
>>> >> >
>>> >> >
>>> >>
>>>
------------------------------------------------------------------------
>>> >> > *From:* fedora-directory-users-bounces@redhat.com
>>> >> > [mailto:fedora-directory-users-bounces@redhat.com]
*On Behalf Of
>>> >> > *Paxton, Darren
>>> >> > *Sent:* 24 November 2006 14:56
>>> >> > *To:* fedora-directory-users@redhat.com
>>> >> > *Subject:* [Fedora-directory-users] Extracting
details from Active
>>> >> > Directoryto FDS
>>> >> >
>>> >> > Hi all,
>>> >> >
>>> >> > I''ve been tinkering with integrating our
Linux devices into our AD
>>> >> > domain for some time and I''ve hit a few
brick walls, however I''ve
>>> >> > recently discovered FDS and the synchronisation
features with AD.
>>> >> >
>>> >> > I''ve managed to set up a few replication
jobs, however due to the
>>> >> > extensive nature of our AD, I''ve realised
that the sync only takes
>>> >> > the group and user objects from the OU or CN being
specified.
>>> >> >
>>> >> > Is there any way I can specify that it should
traverse all
>>> >> > subtrees of an OU and extract all that information
back into FDS?
>>> >> >
>>> >> > Thanks
>>> >> >
>>> >> > Darren
>>> >> >
>>> >> > --
>>> >> > Darren Paxton
>>> >> > EMEA Tier2
>>> >> > Red Hat Certified Engineer
>>> >> > VMware Certified Professional
>>> >> > MGTI Centralised ops
>>> >> >
>>> >> >
>>> >> > This e-mail and any attachments may be confidential
or legally
>>> >> > privileged.If you received this message in error or
are not the
>>> >> > intended recipient, you should destroy the email
message and any
>>> >> > attachments or copies, and you are prohibited from
retaining,
>>> >> > distributing, disclosing or using any information
contained herein.
>>> >> > Please inform us of the erroneous delivery by return
e-mail.
>>> Thank you
>>> >> > for your co-operation.
>>> >> >
>>> >> > Mercer Human Resource Consulting Limited is
authorised and
>>> regulated
>>> >> > by the Financial Services Authority. Registered in
England No.
>>> 984275.
>>> >> > Registered Office: 1 Tower Place West, Tower Place,
London, EC3R
>>> 5BU.
>>> >> >
>>> >> >
>>> >>
>>>
------------------------------------------------------------------------
>>> >> >
>>> >> > --
>>> >> > Fedora-directory-users mailing list
>>> >> > Fedora-directory-users@redhat.com
>>> >> >
https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>> >> >
>>> >> >
>>> >>
>>>
------------------------------------------------------------------------
>>> >> >
>>> >> > --
>>> >> > Fedora-directory-users mailing list
>>> >> > Fedora-directory-users@redhat.com
>>> >> >
https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>> >> >
>>> >>
>>> >>
>>> >>
>>> >> This e-mail is the property of Quadriga Worldwide Ltd,
intended for
>>> >> the addressee only and confidential. Any dissemination,
copying or
>>> >> distribution of this message or any attachments is
strictly
>>> prohibited.
>>> >>
>>> >> If you have received this message in error, please notify
us
>>> >> immediately by replying to the message and deleting it
from your
>>> >> computer.
>>> >>
>>> >> Messages sent to and from Quadriga may be monitored.
>>> >>
>>> >> Quadriga cannot guarantee any message delivery method is
secure or
>>> >> error-free. Information could be intercepted, corrupted,
lost,
>>> >> destroyed, arrive late or incomplete, or contain viruses.
>>> >>
>>> >> We do not accept responsibility for any errors or
omissions in this
>>> >> message and/or attachment that arise as a result of
transmission.
>>> >>
>>> >> You should carry out your own virus checks before opening
any
>>> >> attachment.
>>> >>
>>> >> Any views or opinions presented are solely those of the
author and do
>>> >> not necessarily represent those of Quadriga.
>>> >>
>>> >>
>>> >>
>>> >> ------------------------------
>>> >>
>>> >> Message: 8
>>> >> Date: Fri, 01 Dec 2006 16:45:28 +0100
>>> >> From: koniczynek <koniczynek@uaznia.net>
>>> >> Subject: Re: [Fedora-directory-users] Memory usage
>>> >> To: "General discussion list for the Fedora Directory
server
>>> project."
>>> >> <fedora-directory-users@redhat.com>
>>> >> Message-ID: <45704E18.3070705@uaznia.net>
>>> >> Content-Type: text/plain; charset=ISO-8859-2;
format=flowed
>>> >>
>>> >> Richard Megginson napisa³(a):
>>> >> > This is an excellent cache/memory tuning document
from a Sun
>>> employee,
>>> >> > primarily targeted to Sun DS users, but almost all of
the
>>> >> information is
>>> >> > relevant to Fedora DS (since they share a common
lineage).
>>> >> >
>>> >> >
http://www.directorymanager.org/blogs/ds_cache_sizing.pdf
>>> >> Lets say I heven''t got much time lately so
without thinking I''ve
>>> changed
>>> >> in dse.ldif
>>> >> nsslapd-import-cache-autosize from -1 to 1 and after
restarting I''ve
>>> >> started to receive errors like: "3 Time limit
exceeded" Someone do
>>> know
>>> >> what to do? ;)
>>> >>
>>> >> --
>>> >> xmpp/email: koniczynek@uaznia.net
>>> >> xmpp/email: koniczynek@gmail.com
>>> >>
>>> >>
>>> >>
>>> >> ------------------------------
>>> >>
>>> >> Message: 9
>>> >> Date: Fri, 01 Dec 2006 09:15:14 -0700
>>> >> From: David Boreham <david_list@boreham.org>
>>> >> Subject: Re: [Fedora-directory-users] Memory usage
>>> >> To: "General discussion list for the Fedora Directory
server
>>> project."
>>> >> <fedora-directory-users@redhat.com>
>>> >> Message-ID: <45705512.4070808@boreham.org>
>>> >> Content-Type: text/plain; charset=ISO-8859-2;
format=flowed
>>> >>
>>> >> koniczynek wrote:
>>> >>
>>> >> > Richard Megginson napisa³(a):
>>> >> >
>>> >> >> This is an excellent cache/memory tuning document
from a Sun
>>> >> >> employee, primarily targeted to Sun DS users, but
almost all of
>>> the
>>> >> >> information is relevant to Fedora DS (since they
share a common
>>> >> >> lineage).
>>> >> >>
>>> >> >>
http://www.directorymanager.org/blogs/ds_cache_sizing.pdf
>>> >> >
>>> >> > Lets say I heven''t got much time lately so
without thinking I''ve
>>> >> > changed in dse.ldif
>>> >> > nsslapd-import-cache-autosize from -1 to 1 and after
restarting
>>> I''ve
>>> >> > started to receive errors like: "3 Time limit
exceeded" Someone do
>>> >> > know what to do? ;)
>>> >> >
>>> >> Change it back ?
>>> >>
>>> >>
>>> >>
>>> >>
>>> >>
>>> >> ------------------------------
>>> >>
>>> >> Message: 10
>>> >> Date: Fri, 01 Dec 2006 17:53:22 +0100
>>> >> From: koniczynek <koniczynek@uaznia.net>
>>> >> Subject: Re: [Fedora-directory-users] Memory usage
>>> >> To: "General discussion list for the Fedora Directory
server
>>> project."
>>> >> <fedora-directory-users@redhat.com>
>>> >> Message-ID: <45705E02.7020709@uaznia.net>
>>> >> Content-Type: text/plain; charset=ISO-8859-2
>>> >>
>>> >> David Boreham, dnia 2006-12-01 17:15 napisal:
>>> >> >> Lets say I heven''t got much time lately
so without thinking I''ve
>>> >> >> changed in dse.ldif
>>> >> >> nsslapd-import-cache-autosize from -1 to 1 and
after restarting
>>> I''ve
>>> >> >> started to receive errors like: "3 Time
limit exceeded" Someone do
>>> >> >> know what to do? ;)
>>> >> > Change it back ?
>>> >> man, please, show some respect ;) I did change it back,
but to no
>>> avail.
>>> >> Also I can say (to stop further questions): yes,
I''ve stopped the
>>> server
>>> >> before change.
>>> >>
>>> >> --
>>> >> email/xmpp: koniczynek@uaznia.net
>>> >>
>>> >>
>>> >>
>>> >> ------------------------------
>>> >>
>>> >> --
>>> >> Fedora-directory-users mailing list
>>> >> Fedora-directory-users@redhat.com
>>> >>
https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>> >>
>>> >>
>>> >> End of Fedora-directory-users Digest, Vol 19, Issue 1
>>> >> *****************************************************
>>> >
>>> >
_________________________________________________________________
>>> > Off to school, going on a trip, or moving? Windows Live (MSN)
>>> > Messenger lets you stay in touch with friends and family
wherever you
>>> > go. Click here to find out how to sign up!
>>> > http://www.telusmobility.com/msnxbox/
>>> >
>>> > --
>>> > Fedora-directory-users mailing list
>>> > Fedora-directory-users@redhat.com
>>> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>> -------------- next part --------------
>>> A non-text attachment was scrubbed...
>>> Name: smime.p7s
>>> Type: application/x-pkcs7-signature
>>> Size: 3178 bytes
>>> Desc: S/MIME Cryptographic Signature
>>> Url :
>>>
https://www.redhat.com/archives/fedora-directory-users/attachments/20061201/7d15c5b4/smime.bin
>>>
>>>
>>> ------------------------------
>>>
>>> Message: 2
>>> Date: Fri, 01 Dec 2006 15:23:28 -0800
>>> From: To Ngan <tngan@redhat.com>
>>> Subject: Re: [Fedora-directory-users] AD + FDS sync stops working?
>>> To: "General discussion list for the Fedora Directory server
project."
>>> <fedora-directory-users@redhat.com>
>>> Message-ID: <4570B970.3070901@redhat.com>
>>> Content-Type: text/plain; charset="windows-1252"
>>>
>>> Dan Oglesby wrote:
>>> > I tried the following:
>>> >
>>> > In windows registry->HKLM->Software->PasswordSync,
try add string
>>> value “Log
>>> > Level” and set it to “1”. Restart the passsync service. This
should
>>> log
>>> > all transactions and errors. Turn this back to "0"
and restart
>>> passsync
>>> > after troubleshooting.
>>> >
>>> > All I see in the log is this:
>>> >
>>> > 11/30/06 09:12:58: begin log
>>> > 11/30/06 09:12:59: 0 new entries loaded from file
>>> > 11/30/06 09:14:20: 0 new entries loaded from file
>>> > 11/30/06 09:14:20: 0 entries saved to file
>>> > 11/30/06 09:14:20: end log
>>> > 11/30/06 09:14:22: begin log
>>> > 11/30/06 09:14:22: 0 new entries loaded from file
>>> >
>>> > That’s after restarting the passsync service twice, and
changing a
>>> user’s
>>> > password in AD four times.
>>> >
>>>
>>> Hmm... 2 Windows sync stopped working together after 6 months. Any
cert
>>> on AD or DS side expired?
>>> -- 
>>> toto
>>>
>>> -------------- next part --------------
>>> A non-text attachment was scrubbed...
>>> Name: smime.p7s
>>> Type: application/x-pkcs7-signature
>>> Size: 3233 bytes
>>> Desc: S/MIME Cryptographic Signature
>>> Url :
>>>
https://www.redhat.com/archives/fedora-directory-users/attachments/20061201/b9f1ea83/smime.bin
>>>
>>>
>>> ------------------------------
>>>
>>> Message: 3
>>> Date: Sat, 02 Dec 2006 09:28:17 +0100
>>> From: koniczynek <koniczynek@uaznia.net>
>>> Subject: Re: [Fedora-directory-users] Memory usage
>>> To: "General discussion list for the Fedora Directory server
project."
>>> <fedora-directory-users@redhat.com>
>>> Message-ID: <45713921.1080009@uaznia.net>
>>> Content-Type: text/plain; charset=ISO-8859-2
>>>
>>> Richard Megginson, dnia 2006-12-01 18:00 napisal:
>>> >> man, please, show some respect ;) I did change it back,
but to no
>>> avail.
>>> >> Also I can say (to stop further questions): yes,
I''ve stopped the
>>> server
>>> >> before change.
>>> >>
>>> > What types of searches are returning time limit exceeded? Can
you post
>>> > relevant excerpts from the access and error logs?
>>> I''m "benchmarking" my FDS with "ldapsearch
-x" and earlier it worked and
>>> now it does not. In error logs there were "err=3" but I
don''t remember
>>> much more and I''ll have access to the logs on Monday, so
till then, only
>>> I can provide only this information (because I do not remember
anything
>>> more ;) )
>>>
>>> -- 
>>> email/xmpp: koniczynek@uaznia.net
>>>
>>>
>>>
>>> ------------------------------
>>>
>>> -- 
>>> Fedora-directory-users mailing list
>>> Fedora-directory-users@redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>
>>>
>>> End of Fedora-directory-users Digest, Vol 19, Issue 3
>>> *****************************************************
>>
>> _________________________________________________________________
>> Off to school, going on a trip, or moving? Windows Live (MSN)
>> Messenger lets you stay in touch with friends and family wherever you
>> go. Click here to find out how to sign up!
>> http://www.telusmobility.com/msnxbox/
>>
>> -- 
>> Fedora-directory-users mailing list
>> Fedora-directory-users@redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
> 
> ------------------------------------------------------------------------
> 
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users

-- 
email/xmpp: koniczynek@uaznia.net

koniczynek, dnia 2006-12-05 19:01 napisal:
> (...) necessary (...)
and of course I was speaking about unnecessary ;)

-- 
email/xmpp: koniczynek@uaznia.net