Maybe this isn't the right place to ask this but ... I've set up fedora-ds in order to do network logins via ldap. I've configured ssh to use pam_mkhomedir and pam_ldap. I used a copy of Example.ldif changed the root dn and configuring my users and imported it. I used the console to make my users posix users adding their uid and gid. When I ssh into the box as a user not configured on the box the user home dir and contents specified in /etc/skel are created but the gid is a numeric value as the group doesn't exist on the box. Do I need to create the groups of network logins on all the client boxes? I don't see a way to associate a gid with a group in fedora-ds. What's the right way to handle this?
Ted X Toth wrote:
> Maybe this isn't the right place to ask this but ... I've set up fedora-ds in order to do network logins via ldap. I've configured ssh to use pam_mkhomedir and pam_ldap. I used a copy of Example.ldif changed the root dn and configuring my users and imported it. I used the console to make my users posix users adding their uid and gid. When I ssh into the box as a user not configured on the box the user home dir and contents specified in /etc/skel are created but the gid is a numeric value as the group doesn't exist on the box. Do I need to create the groups of network logins on all the client boxes? I don't see a way to associate a gid with a group in fedora-ds. What's the right way to handle this?
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users

You can create a group on the client to match the gidnumber in the ldap. Alternatively, you can create a posixgroup entry in the LDAP.

-Satish.
Satish Chetty wrote:
> You can create group on the client to match the gidnumber in the ldap. Alternatively, you can create a posixgroup entry in the LDAP.
>
> -Satish.

Ok so how do I add a posixgroup entry in LDAP?
Anderson, Cary
2007-Aug-08 18:03 UTC
[Fedora-directory-users] Setting up the administrative server using ssl on port 636
I have successfully set up replication between two ldap servers using ssl and port 636, so I have a server cert and cacert already set up. If I want to now have the administrative server use encryption do I need to request a second server cert or do I reuse the one I set up for replication?

Thanks

Cary Anderson, Systems Software Specialist UNIX/Linux Services Information Technology Services Branch Technology Services & Support Division / Data Center Section System Software & Storage Infrastructure CalPERS Phone: (916) 795-2588 Fax: (916) 795-2424
On Wed, 08 Aug 2007, Ted X Toth wrote:
> Ok so how do I add a posixgroup entry in LDAP?

Create an object with an objectClass of posixGroup.
It's done at the same time as you create the user via the GUI or via the ldif file where you have to add the object type posixgroup explicitly

Quick run down you can find it here doing via ldif command line

http://www.csse.uwa.edu.au/~ashley/fedora-ds/fedora-ds-command-09082006.htm

Regards Ashley

On Wed, 8 Aug 2007, Ted X Toth wrote:
> Ok so how do I add a posixgroup entry in LDAP?
-- 
Ashley Chew - Systems Administrator
School of Computer Science and Software Engineering
University of Western Australia
Tel: (+61 8) 6488 7082 - Fax: (+61 8) 6488 1089
Ashley[@]csse.uwa.edu.au - http://www.csse.uwa.edu.au/~ashley
"There is no such thing as Fate, Fate is what you make of it!"
I added the posixgroup to the Object class of a group and gave it a gidnumber. The user I'm trying to login as is defined as a member of the group I added posixgroup to but still the group doesn't seem to have been retrieved because when I do 'id' the group name isn't displayed.

ashley wrote:
> It's done at the same time as you create the user via the GUI or via the ldif file where you have to add the object type posixgroup explicitly
>
> Quick run down you can find it here doing via ldif command line
>
> http://www.csse.uwa.edu.au/~ashley/fedora-ds/fedora-ds-command-09082006.htm
>
> Regards Ashley
Changed nss_base_group to "ou=Groups ..." instead of "ou=Group ..."

Ted X Toth wrote:
> I added the posixgroup to the Object class of a group and gave it a gidnumber. The user I'm trying to login as is defined as a member of the group I added posixgroup to but still the group doesn't seem to have been retrieved because when I do 'id' the group name isn't displayed.
Ted X Toth wrote:
> I added the posixgroup to the Object class of a group and gave it a gidnumber. The user I'm trying to login as is defined as a member of the group I added posixgroup to but still the group doesn't seem to have been retrieved because when I do 'id' the group name isn't displayed.

What does your group entry say in /etc/nsswitch.conf ?

-Satish.
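The fix reported in the thread, pointing nss_base_group at the container that actually holds the posixGroup entry, can be reproduced offline. The following is an added example, not code from any poster or from the Fedora DS project: the dc=example,dc=com suffix, the tuser and netusers entries, gid 6001 and all function names are assumptions, and the lookup is modelled as a plain subtree match rather than nss_ldap's real search.

```python
# Constructed sample directory: suffix, names and numbers are illustrative.
LDIF = """\
dn: uid=tuser,ou=People,dc=example,dc=com
objectClass: posixAccount
uid: tuser
gidNumber: 6001

dn: cn=netusers,ou=Groups,dc=example,dc=com
objectClass: top
objectClass: posixGroup
cn: netusers
gidNumber: 6001
memberUid: tuser
"""
# Constructed nss_ldap ldap.conf lines, before and after the fix from the thread.
BROKEN = "nss_base_group ou=Group,dc=example,dc=com\n"
FIXED = "nss_base_group ou=Groups,dc=example,dc=com\n"

def parse_ldif(text):
    """Parse simple LDIF (no folded or base64 lines) into attr -> [values] dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry.setdefault(attr.lower(), []).append(value)
        entries.append(entry)
    return entries

def group_base(ldap_conf):
    """Return the search base named on the nss_base_group line, or None."""
    for line in ldap_conf.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0].lower() == "nss_base_group":
            return fields[1].split("?")[0].lower()  # drop any ?scope?filter suffix
    return None

def group_name(entries, base, gid):
    """Name for a gidNumber, considering only posixGroup entries below base."""
    for e in entries:
        classes = [c.lower() for c in e.get("objectclass", [])]
        below = base is not None and e["dn"][0].lower().endswith("," + base)
        if below and "posixgroup" in classes and str(gid) in e.get("gidnumber", []):
            return e["cn"][0]
    return None  # no match: tools such as `id` show only the number

def resolve(ldap_conf, gid=6001):
    """Resolve gid against the sample directory using the given ldap.conf text."""
    return group_name(parse_ldif(LDIF), group_base(ldap_conf), gid)

if __name__ == "__main__":
    print("ou=Group :", resolve(BROKEN))
    print("ou=Groups:", resolve(FIXED))
```

On a real client, `getent group` with the numeric gid is the equivalent check once `group` in /etc/nsswitch.conf lists ldap.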
Anderson, Cary
2007-Aug-14 20:57 UTC
[Fedora-directory-users] Problems using the administrative GUI when the primary master is down.
I am having problems accessing the administrative GUI from a second ldap master when the first ldap master is down. I have a multi-master environment. The servers all belong to the same administrative domain. I have replicated the NetscapeRoot database between the two masters. However, when I shut down the first master, I can no longer launch the admin GUI from the second master. Could someone lend some insight into how I can access the admin gui if the primary master becomes unavailable? Thanks