> > > > > >Have had a quick surf and there are couple of OpenLDAP and > SunOne DS > > >templates out there I can use as a starting point, but nothing > > >specifically for FDS. > > > > > > > > The SunOne template should work, since the SNMP MIB is identical. > > > > Thanks for the info Dave. > > I''ll have a look at it tomorrow and let you all know. > > DanWell, am glad to report success :) Wandered across both an OpenLDAP response[1] and a SunOneDS[2], Cacti template for use in monitoring an FDS box. Works nicely. The generic one shows how quick it responds, the SunOne template shows you more specific stats (binds, searches, etc) per second and other odds and sods. The Generic one worked out of the box, the Sun one took a small amount of munging, as despite what you''d expect/hope, the MIBs are seemingly not the same anymore. Think its just a vendor attribute, as each OID needed just a slight adjustment (see below). If anyone wants my ready FDS-ified cacti templates, send me an email and I''ll forward it on. (or is there a special accessories area on the wiki I can upload it to???). Thanks for all who responded :) Dan ######## [1] http://www.linagora.org/article125.html [2] http://forums.cacti.net/about16638.html OID in SunOne templates for dsAnonymousBinds .1.3.6.1.4.1.1450.7.1.1.1.389 FDS OID for dsAnonymousBinds .1.3.6.1.4.1.2312.6.1.1.1.389 Note the 1450.7 rather than 2312.6 ######### -- Dan Hawker Linux System Administrator Astrium -- This email (including any attachments) may contain confidential and/or privileged information or information otherwise protected from disclosure. If you are not the intended recipient, please notify the sender immediately, do not copy this message or any attachments and do not use it for any purpose or disclose its content to any person, but delete this message and any attachments from your system. Astrium disclaims any and all liability if this email transmission was virus corrupted, altered or falsified. --------------------------------------------------------------------- Astrium Limited, Registered in England and Wales No. 2449259 Registered Office: Gunnels Wood Road, Stevenage, Hertfordshire, SG1 2AS, England
HAWKER, Dan wrote:> ...snip... > Well, am glad to report success :) > > Wandered across both an OpenLDAP response[1] and a SunOneDS[2], Cacti > template for use in monitoring an FDS box. Works nicely. The generic one > shows how quick it responds, the SunOne template shows you more specific > stats (binds, searches, etc) per second and other odds and sods. > > The Generic one worked out of the box, the Sun one took a small amount of > munging, as despite what you''d expect/hope, the MIBs are seemingly not the > same anymore. Think its just a vendor attribute, as each OID needed just a > slight adjustment (see below). > > If anyone wants my ready FDS-ified cacti templates, send me an email and > I''ll forward it on. (or is there a special accessories area on the wiki I > can upload it to???). >Just send me the files and I''ll put them in the download area of the wiki. Would you be interested in creating a Howto:SNMP or Cacti page? Doesn''t have to be much, maybe just a few "do this" and "don''t do that" with the links to the downloads.> Thanks for all who responded :) > > Dan > > ######## > > [1] http://www.linagora.org/article125.html > [2] http://forums.cacti.net/about16638.html > > OID in SunOne templates for dsAnonymousBinds > .1.3.6.1.4.1.1450.7.1.1.1.389 > > FDS OID for dsAnonymousBinds > .1.3.6.1.4.1.2312.6.1.1.1.389 > > Note the 1450.7 rather than 2312.6 > > ######### > > -- > > Dan Hawker > Linux System Administrator > Astrium > >
Justin Crawford
2007-Jan-09 01:10 UTC
[Fedora-directory-users] passwordRetryCount Manipulations
Howdy- I have noticed something unexpected. Setting "passwordRetryCount" programatically (e.g. with ldapmodify) to some value higher than our limit (say, 10) causes an account to be locked, right? Well, yes, but only after that account has been locked at least once the old-fashioned way, by trying to bind too many times with a bad password. Brand new accounts* that''ve never been locked the old-fashioned way do not mind a passwordRetryCount of 1000; these accounts can bind successfully, and their passwordRetryCount gets set to 0. Does this make sense? If so, what''s the additional attribute involved in locking, and what are its potential values? Thanks! Justin *Created with minimal attributes using ruby''s net/ldap library.
Richard Megginson
2007-Jan-17 14:57 UTC
Re: [Fedora-directory-users] passwordRetryCount Manipulations
Justin Crawford wrote:> Howdy- > > I have noticed something unexpected. > > Setting "passwordRetryCount" programatically (e.g. with ldapmodify) to > some value higher than our limit (say, 10) causes an account to be > locked, right? Well, yes, but only after that account has been locked > at least once the old-fashioned way, by trying to bind too many times > with a bad password. > > Brand new accounts* that''ve never been locked the old-fashioned way do > not mind a passwordRetryCount of 1000; these accounts can bind > successfully, and their passwordRetryCount gets set to 0. > > Does this make sense? If so, what''s the additional attribute involved > in locking, and what are its potential values? >http://directory.fedora.redhat.com/wiki/Howto:PasswordReset> Thanks! > > Justin > > *Created with minimal attributes using ruby''s net/ldap library. > > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >