OMG please remove necessary information from the post, because now it's hard to find what you wrote! And this happens in all of your posts ;) so please, for the clarity and for the future use (mailing list archive) ;) Richard Megginson, dnia 2006-12-05 16:19 napisal: > t b wrote: >>> From: fedora-directory-users-request at redhat.com >>> Reply-To: fedora-directory-users at redhat.com >>> To: fedora-directory-users at redhat.com >>> Subject: Fedora-directory-users Digest, Vol 19, Issue 3 >>> Date: Sat, 2 Dec 2006 12:00:05 -0500 (EST) >>> >>> Send Fedora-directory-users mailing list submissions to >>> fedora-directory-users at redhat.com >>> >>> To subscribe or unsubscribe via the World Wide Web, visit >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> or, via email, send a message with subject or body 'help' to >>> fedora-directory-users-request at redhat.com >>> >>> You can reach the person managing the list at >>> fedora-directory-users-owner at redhat.com >>> >>> When replying, please edit your Subject line so it is more specific >>> than "Re: Contents of Fedora-directory-users digest..." >>> >>> >>> Today's Topics: >>> >>> 1. Re: RE: Fedora-directory-users Digest, Vol 19, Issue 1 >>> (Richard Megginson) >>> 2. Re: AD + FDS sync stops working? (To Ngan) >>> 3. Re: Memory usage (koniczynek) >>> >>> >>> ---------------------------------------------------------------------- >>> >>> Message: 1 >>> Date: Fri, 01 Dec 2006 12:55:24 -0700 >>> From: Richard Megginson <rmeggins at redhat.com> >>> Subject: Re: RE: Fedora-directory-users >>> Digest, Vol 19, Issue 1 >>> To: "General discussion list for the Fedora Directory server project." >>> <fedora-directory-users at redhat.com> >>> Message-ID: <457088AC.1030004 at redhat.com> >>> Content-Type: text/plain; charset="iso-8859-1" >>> >>> t b wrote: >>> > My logs seem to indicate that the connection is being encrypted; I can >>> > ssh to a client server and get the password prompt, but when I enter >>> > the password it just returns me to the password prompt again >>> > >>> > [01/Dec/2006:19:47:44 -0500] conn=650 fd=69 slot=69 connection from >>> > xxx.xxx.xxx.xxx to xxx.xxx.xxx.xxx >>> > [01/Dec/2006:19:47:44 -0500] conn=650 op=0 EXT >>> > oid="1.3.6.1.4.1.1466.20037" name="startTLS" >>> > [01/Dec/2006:19:47:44 -0500] conn=650 op=0 RESULT err=0 tag=120 >>> > nentries=0 etime=0 >>> > [01/Dec/2006:19:47:44 -0500] conn=650 SSL 256-bit AES >>> All of this means the client was able to successfully perform the >>> startTLS extended operation and start using SSL. >>> > [01/Dec/2006:19:47:44 -0500] conn=650 op=1 UNBIND >>> > [01/Dec/2006:19:47:44 -0500] conn=650 op=1 fd=69 closed - U1 >>> The UNBIND means the client had a problem and closed the connection. >>> Does the client print any errors? Are there any messages in the server >>> error log? >> >> On the client server it show, >> >> sshd[24149]: Failed password for invalid user xxxxx from >> xxx.xxx.xxx.xxx port xxx ssh2 >> >> >> >> >> >> >> >> >> >>> > >>> > If I disable TLS everything works fine, the client server can query >>> > the FDS and auth the client properly >>> > >>> > I am not sure if the problem has to do with the pam_ldap not properly >>> > formatted or the cert file not in proper format >>> > >>> > Does anyone have an example of what the pam_ldap config should look >>> > like? or suggestions on checking whether the cert file is in proper >>> > format >>> I'm not sure. PAM needs the ca cert of the CA that issued the directory >>> server server cert. See >>> http://directory.fedora.redhat.com/wiki/Howto:SSL for more information. >>> > >> >> That was the info I used to do the SSL setup, but I only see a part of >> the log output they indicated, >> >> Their logs, >> >> [18/Jul/2005:20:33:36 -0400] conn=4 op=0 EXT >> oid="1.3.6.1.4.1.1466.20037" name="startTLS" >> [18/Jul/2005:20:33:36 -0400] conn=4 op=0 RESULT err=0 tag=120 >> nentries=0 etime=0 >> [18/Jul/2005:20:33:36 -0400] conn=4 SSL 256-bit AES >> [18/Jul/2005:20:33:36 -0400] conn=4 op=1 BIND dn="" method=128 version=3 >> [18/Jul/2005:20:33:36 -0400] conn=4 op=1 RESULT err=0 tag=97 >> nentries=0 etime=0 dn="" >> [18/Jul/2005:20:33:36 -0400] conn=4 op=2 SRCH base="dc=example,dc=com" >> scope=2 filter="(uid=testuser)" attrs=ALL >> >> My Logs, >> >> [04/Dec/2006:14:35:52 -0500] conn=757 op=0 EXT >> oid="1.3.6.1.4.1.1466.20037" name="startTLS" >> [04/Dec/2006:14:35:52 -0500] conn=757 op=0 RESULT err=0 tag=120 >> nentries=0 etime=0 >> [04/Dec/2006:14:35:52 -0500] conn=757 SSL 256-bit AES >> [04/Dec/2006:14:35:52 -0500] conn=757 op=1 UNBIND >> [04/Dec/2006:14:35:52 -0500] conn=757 op=1 fd=71 closed - U1 >> >> For some reason my setup dies just before querying the FDS to >> determine user details >> >> Do you know of any tests that I can run just on the client server to >> determine proper confuguration? > Firstly, try /usr/bin/ldapsearch to see if you can use startTLS and bind > as your user. >> >> >> >> >> >>> > Also what's the UNBIND shown in the logs? >>> > >>> > Thanks >>> > >>> >> From: fedora-directory-users-request at redhat.com >>> >> Reply-To: fedora-directory-users at redhat.com >>> >> To: fedora-directory-users at redhat.com >>> >> Subject: Fedora-directory-users Digest, Vol 19, Issue 1 >>> >> Date: Fri, 1 Dec 2006 12:00:06 -0500 (EST) >>> >> >>> >> Send Fedora-directory-users mailing list submissions to >>> >> fedora-directory-users at redhat.com >>> >> >>> >> To subscribe or unsubscribe via the World Wide Web, visit >>> >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> >> or, via email, send a message with subject or body 'help' to >>> >> fedora-directory-users-request at redhat.com >>> >> >>> >> You can reach the person managing the list at >>> >> fedora-directory-users-owner at redhat.com >>> >> >>> >> When replying, please edit your Subject line so it is more specific >>> >> than "Re: Contents of Fedora-directory-users digest..." >>> >> >>> >> >>> >> Today's Topics: >>> >> >>> >> 1. pam_ldap with SSL/TLS (t b) >>> >> 2. RE: pam_ldap with SSL/TLS (Morris, Patrick) >>> >> 3. Re: pam_ldap with SSL/TLS (Richard Megginson) >>> >> 4. Problem with SSL console in X in specific circumstances >>> >> (Philip Kime) >>> >> 5. FW: Extracting details from >>> >> ActiveDirectoryto FDS (Paxton, Darren) >>> >> 6. alias in fedora directory server (patrick ndjientcheu ngandjui) >>> >> 7. Re: FW: Extracting details from >>> >> ActiveDirectoryto FDS (Nicholas Byrne) >>> >> 8. Re: Memory usage (koniczynek) >>> >> 9. Re: Memory usage (David Boreham) >>> >> 10. Re: Memory usage (koniczynek) >>> >> >>> >> >>> >> >>> ---------------------------------------------------------------------- >>> >> >>> >> Message: 1 >>> >> Date: Thu, 30 Nov 2006 12:31:50 -0500 >>> >> From: "t b" <mxheadroom at hotmail.com> >>> >> Subject: pam_ldap with SSL/TLS >>> >> To: fedora-directory-users at redhat.com >>> >> Message-ID: <BAY116-F322745E96D702ED748B1D0CDDB0 at phx.gbl> >>> >> Content-Type: text/plain; format=flowed >>> >> >>> >> I am trying to setup pam_ldap to use TLS to communicate with the FDS, >>> >> but >>> >> having lots of problems doing so; it works if I use the unencrypted >>> >> way but >>> >> not if I use ldaps ( port 636 ) >>> >> >>> >> I used the instructions at, >>> >> http://directory.fedora.redhat.com/wiki/Howto:PAM >>> >> >>> >> Has anyone gotten PAM to work TLS >>> >> >>> >> >>> >> Thanks >>> >> >>> >> _________________________________________________________________ >>> >> Buy, Load, Play. The new Sympatico / MSN Music Store works seamlessly >>> >> with >>> >> Windows Media Player. Just Click PLAY. >>> >> >>> http://musicstore.sympatico.msn.ca/content/viewer.aspx?cid=SMS_Sept192006 >>> >>> >> >>> >> >>> >> >>> >> >>> >> ------------------------------ >>> >> >>> >> Message: 2 >>> >> Date: Thu, 30 Nov 2006 13:00:56 -0500 >>> >> From: "Morris, Patrick" <patrick.morris at hp.com> >>> >> Subject: RE: pam_ldap with SSL/TLS >>> >> To: "General discussion list for the Fedora Directory server >>> project." >>> >> <fedora-directory-users at redhat.com> >>> >> Message-ID: >>> >> >>> <CD18C81835E18A40A64C4A0D16A237BE05FE850D at ATAEXC01.americas.cpqcorp.net> >>> >> >>> >> >>> >> Content-Type: text/plain; charset="US-ASCII" >>> >> >>> >> > I am trying to setup pam_ldap to use TLS to communicate with >>> >> > the FDS, but having lots of problems doing so; it works if I >>> >> > use the unencrypted way but not if I use ldaps ( port 636 ) >>> >> >>> >> Someone should jump in here and correct me if I'm wrong, but I >>> believe >>> >> it's normal for TLS connections to happen on the standard LDAP port. >>> >> You should be able to tell from your logs whether the connection is >>> >> encrypted or not. >>> >> >>> >> >>> >> >>> >> ------------------------------ >>> >> >>> >> Message: 3 >>> >> Date: Thu, 30 Nov 2006 11:08:08 -0700 >>> >> From: Richard Megginson <rmeggins at redhat.com> >>> >> Subject: Re: pam_ldap with SSL/TLS >>> >> To: "General discussion list for the Fedora Directory server >>> project." >>> >> <fedora-directory-users at redhat.com> >>> >> Message-ID: <456F1E08.40601 at redhat.com> >>> >> Content-Type: text/plain; charset="iso-8859-1" >>> >> >>> >> Morris, Patrick wrote: >>> >> >> I am trying to setup pam_ldap to use TLS to communicate with >>> >> >> the FDS, but having lots of problems doing so; it works if I >>> >> >> use the unencrypted way but not if I use ldaps ( port 636 ) >>> >> >> >>> >> > >>> >> > Someone should jump in here and correct me if I'm wrong, but I >>> believe >>> >> > it's normal for TLS connections to happen on the standard LDAP >>> port. >>> >> > You should be able to tell from your logs whether the connection is >>> >> > encrypted or not. >>> >> > >>> >> Yes. The LDAP "preferred" way is to use the startTLS extended >>> operation >>> >> which starts a TLS session on the non-secure port. This will be >>> logged >>> >> in the access log. >>> >> > -- >>> >> > Fedora-directory-users mailing list >>> >> > Fedora-directory-users at redhat.com >>> >> > https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> >> > >>> >> -------------- next part -------------- >>> >> A non-text attachment was scrubbed... >>> >> Name: smime.p7s >>> >> Type: application/x-pkcs7-signature >>> >> Size: 3178 bytes >>> >> Desc: S/MIME Cryptographic Signature >>> >> Url : >>> >> >>> https://www.redhat.com/archives/fedora-directory-users/attachments/20061130/0634e78a/smime.bin >>> >>> >> >>> >> >>> >> ------------------------------ >>> >> >>> >> Message: 4 >>> >> Date: Thu, 30 Nov 2006 18:02:55 -0800 >>> >> From: "Philip Kime" <pkime at Shopzilla.com> >>> >> Subject: Problem with SSL console in X in >>> >> specific circumstances >>> >> To: <fedora-directory-users at redhat.com> >>> >> Message-ID: >>> >> <9C0091F428E697439E7A773FFD083427435BE3 at szexchange.Shopzilla.inc> >>> >> Content-Type: text/plain; charset="us-ascii" >>> >> >>> >> Here's the problem: >>> >> >>> >> Running startconsole (SSL) to a remote display on a PC X-server >>> (xwin32) >>> >> works fine and requires that my windows home dir on the PC X-server >>> >> machine has .fedora-console/ containing cert8.db and key3.db, as >>> you'd >>> >> expect. If I rename this dir, the console hangs at the splash >>> screen. So >>> >> far, so good, all makes sense. >>> >> >>> >> If I try the same thing to cygwin's X server on same machine or to >>> an X >>> >> server on a Mac running OSX, startconsole always hangs as if it can't >>> >> find ~/.fedora-console on the local machine. I've tried copying >>> this dir >>> >> to what cygwin/OSX thinks is the user's home dir but no luck. Where >>> >> should I put the Cert db files under "real" UNIX X to get the SSL >>> >> console to work? Also tried ~/.mmc as per the docs but I could >>> never get >>> >> this to work. >>> >> >>> >> PK >>> >> >>> >> -- >>> >> Philip Kime >>> >> NOPS Systems Architect >>> >> 310 401 0407 >>> >> >>> >> -------------- next part -------------- >>> >> An HTML attachment was scrubbed... >>> >> URL: >>> >> >>> https://www.redhat.com/archives/fedora-directory-users/attachments/20061130/054ecbd6/attachment.html >>> >>> >> >>> >> >>> >> ------------------------------ >>> >> >>> >> Message: 5 >>> >> Date: Fri, 1 Dec 2006 08:04:30 -0000 >>> >> From: "Paxton, Darren" <Darren.Paxton at mercer.com> >>> >> Subject: FW: Extracting details from >>> >> ActiveDirectoryto FDS >>> >> To: <Fedora-directory-users at redhat.com> >>> >> Message-ID: >>> >> <52F7C07B119CF4439B7EFBFE0FB3256B027CBD02 at eidwpexms06.mercer.com> >>> >> Content-Type: text/plain; charset="us-ascii" >>> >> >>> >> Skipped content of type multipart/alternative-------------- next part >>> >> -------------- >>> >> -- >>> >> Fedora-directory-users mailing list >>> >> Fedora-directory-users at redhat.com >>> >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> >> >>> >> ------------------------------ >>> >> >>> >> Message: 6 >>> >> Date: Fri, 1 Dec 2006 08:10:42 +0000 (GMT) >>> >> From: patrick ndjientcheu ngandjui <tchen_pat at yahoo.fr> >>> >> Subject: alias in fedora directory server >>> >> To: Fedora-directory-users at redhat.com >>> >> Message-ID: <20061201081042.78578.qmail at web25801.mail.ukl.yahoo.com> >>> >> Content-Type: text/plain; charset="iso-8859-1" >>> >> >>> >> Hi, >>> >> I would like to know how to use alias in fedora directory server.It >>> >> seems that it is used for point to another entry in the directory,but >>> >> i don't know how to use this feature.May someone helps me on this >>> >> issue? I would really appreciate an example. >>> >> >>> >> Thanks >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> ___________________________________________________________________________ >>> >>> >> >>> >> D?couvrez une nouvelle fa?on d'obtenir des r?ponses ? toutes vos >>> >> questions ! >>> >> Profitez des connaissances, des opinions et des exp?riences des >>> >> internautes sur Yahoo! Questions/R?ponses >>> >> http://fr.answers.yahoo.com >>> >> -------------- next part -------------- >>> >> An HTML attachment was scrubbed... >>> >> URL: >>> >> >>> https://www.redhat.com/archives/fedora-directory-users/attachments/20061201/0fa54e4f/attachment.html >>> >>> >> >>> >> >>> >> ------------------------------ >>> >> >>> >> Message: 7 >>> >> Date: Fri, 01 Dec 2006 11:50:13 +0000 >>> >> From: Nicholas Byrne <nicholas.byrne at quadriga.com> >>> >> Subject: Re: FW: Extracting details from >>> >> ActiveDirectoryto FDS >>> >> To: "General discussion list for the Fedora Directory server >>> project." >>> >> <fedora-directory-users at redhat.com> >>> >> Message-ID: <457016F5.5030202 at quadriga.com> >>> >> Content-Type: text/plain; charset=ISO-8859-1; format=flowed >>> >> >>> >> Your messages got through - you can confirm by checking the >>> archives - >>> >> https://www.redhat.com/archives/fedora-directory-users/ >>> >> >>> >> I'm a new user as well so i'm afraid i can't answer your question, >>> but >>> >> if you keep asking i'm sure someone will know! >>> >> Nick >>> >> >>> >> Paxton, Darren wrote: >>> >> > Apologies for mailing yet again, however either my messages are not >>> >> > getting through (something I don't believe as I keep getting the >>> post >>> >> > to the mailing list) - or for some reason, no one is willing to >>> even >>> >> > acknowledge my issue. >>> >> > >>> >> > In the spirit of the community - can someone at least acknowledge a >>> >> > message as I find it quite disheartening that I have had no >>> replies at >>> >> > all even if just to point me somewhere for assistance. >>> >> > >>> >> > >>> >> >>> ------------------------------------------------------------------------ >>> >> > *From:* fedora-directory-users-bounces at redhat.com >>> >> > [mailto:fedora-directory-users-bounces at redhat.com] *On Behalf Of >>> >> > *Paxton, Darren >>> >> > *Sent:* 30 November 2006 08:46 >>> >> > *To:* General discussion list for the Fedora Directory server >>> project. >>> >> > *Subject:* RE: Extracting details from >>> >> > ActiveDirectoryto FDS >>> >> > >>> >> > Hi >>> >> > >>> >> > Has anyone had any thoughts on my query or can point me in the >>> right >>> >> > direction? >>> >> > >>> >> > As is the nature of AD, I would have thought it is possible to >>> extract >>> >> > this information using a scope setting or something similar. >>> >> > >>> >> > Thanks >>> >> > >>> >> > Darren >>> >> > >>> >> > >>> >> >>> ------------------------------------------------------------------------ >>> >> > *From:* fedora-directory-users-bounces at redhat.com >>> >> > [mailto:fedora-directory-users-bounces at redhat.com] *On Behalf Of >>> >> > *Paxton, Darren >>> >> > *Sent:* 24 November 2006 14:56 >>> >> > *To:* fedora-directory-users at redhat.com >>> >> > *Subject:* Extracting details from Active >>> >> > Directoryto FDS >>> >> > >>> >> > Hi all, >>> >> > >>> >> > I've been tinkering with integrating our Linux devices into our AD >>> >> > domain for some time and I've hit a few brick walls, however I've >>> >> > recently discovered FDS and the synchronisation features with AD. >>> >> > >>> >> > I've managed to set up a few replication jobs, however due to the >>> >> > extensive nature of our AD, I've realised that the sync only takes >>> >> > the group and user objects from the OU or CN being specified. >>> >> > >>> >> > Is there any way I can specify that it should traverse all >>> >> > subtrees of an OU and extract all that information back into FDS? >>> >> > >>> >> > Thanks >>> >> > >>> >> > Darren >>> >> > >>> >> > -- >>> >> > Darren Paxton >>> >> > EMEA Tier2 >>> >> > Red Hat Certified Engineer >>> >> > VMware Certified Professional >>> >> > MGTI Centralised ops >>> >> > >>> >> > >>> >> > This e-mail and any attachments may be confidential or legally >>> >> > privileged.If you received this message in error or are not the >>> >> > intended recipient, you should destroy the email message and any >>> >> > attachments or copies, and you are prohibited from retaining, >>> >> > distributing, disclosing or using any information contained herein. >>> >> > Please inform us of the erroneous delivery by return e-mail. >>> Thank you >>> >> > for your co-operation. >>> >> > >>> >> > Mercer Human Resource Consulting Limited is authorised and >>> regulated >>> >> > by the Financial Services Authority. Registered in England No. >>> 984275. >>> >> > Registered Office: 1 Tower Place West, Tower Place, London, EC3R >>> 5BU. >>> >> > >>> >> > >>> >> >>> ------------------------------------------------------------------------ >>> >> > >>> >> > -- >>> >> > Fedora-directory-users mailing list >>> >> > Fedora-directory-users at redhat.com >>> >> > https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> >> > >>> >> > >>> >> >>> ------------------------------------------------------------------------ >>> >> > >>> >> > -- >>> >> > Fedora-directory-users mailing list >>> >> > Fedora-directory-users at redhat.com >>> >> > https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> >> > >>> >> >>> >> >>> >> >>> >> This e-mail is the property of Quadriga Worldwide Ltd, intended for >>> >> the addressee only and confidential. Any dissemination, copying or >>> >> distribution of this message or any attachments is strictly >>> prohibited. >>> >> >>> >> If you have received this message in error, please notify us >>> >> immediately by replying to the message and deleting it from your >>> >> computer. >>> >> >>> >> Messages sent to and from Quadriga may be monitored. >>> >> >>> >> Quadriga cannot guarantee any message delivery method is secure or >>> >> error-free. Information could be intercepted, corrupted, lost, >>> >> destroyed, arrive late or incomplete, or contain viruses. >>> >> >>> >> We do not accept responsibility for any errors or omissions in this >>> >> message and/or attachment that arise as a result of transmission. >>> >> >>> >> You should carry out your own virus checks before opening any >>> >> attachment. >>> >> >>> >> Any views or opinions presented are solely those of the author and do >>> >> not necessarily represent those of Quadriga. >>> >> >>> >> >>> >> >>> >> ------------------------------ >>> >> >>> >> Message: 8 >>> >> Date: Fri, 01 Dec 2006 16:45:28 +0100 >>> >> From: koniczynek <koniczynek at uaznia.net> >>> >> Subject: Re: Memory usage >>> >> To: "General discussion list for the Fedora Directory server >>> project." >>> >> <fedora-directory-users at redhat.com> >>> >> Message-ID: <45704E18.3070705 at uaznia.net> >>> >> Content-Type: text/plain; charset=ISO-8859-2; format=flowed >>> >> >>> >> Richard Megginson napisa?(a): >>> >> > This is an excellent cache/memory tuning document from a Sun >>> employee, >>> >> > primarily targeted to Sun DS users, but almost all of the >>> >> information is >>> >> > relevant to Fedora DS (since they share a common lineage). >>> >> > >>> >> > http://www.directorymanager.org/blogs/ds_cache_sizing.pdf >>> >> Lets say I heven't got much time lately so without thinking I've >>> changed >>> >> in dse.ldif >>> >> nsslapd-import-cache-autosize from -1 to 1 and after restarting I've >>> >> started to receive errors like: "3 Time limit exceeded" Someone do >>> know >>> >> what to do? ;) >>> >> >>> >> -- >>> >> xmpp/email: koniczynek at uaznia.net >>> >> xmpp/email: koniczynek at gmail.com >>> >> >>> >> >>> >> >>> >> ------------------------------ >>> >> >>> >> Message: 9 >>> >> Date: Fri, 01 Dec 2006 09:15:14 -0700 >>> >> From: David Boreham <david_list at boreham.org> >>> >> Subject: Re: Memory usage >>> >> To: "General discussion list for the Fedora Directory server >>> project." >>> >> <fedora-directory-users at redhat.com> >>> >> Message-ID: <45705512.4070808 at boreham.org> >>> >> Content-Type: text/plain; charset=ISO-8859-2; format=flowed >>> >> >>> >> koniczynek wrote: >>> >> >>> >> > Richard Megginson napisa?(a): >>> >> > >>> >> >> This is an excellent cache/memory tuning document from a Sun >>> >> >> employee, primarily targeted to Sun DS users, but almost all of >>> the >>> >> >> information is relevant to Fedora DS (since they share a common >>> >> >> lineage). >>> >> >> >>> >> >> http://www.directorymanager.org/blogs/ds_cache_sizing.pdf >>> >> > >>> >> > Lets say I heven't got much time lately so without thinking I've >>> >> > changed in dse.ldif >>> >> > nsslapd-import-cache-autosize from -1 to 1 and after restarting >>> I've >>> >> > started to receive errors like: "3 Time limit exceeded" Someone do >>> >> > know what to do? ;) >>> >> > >>> >> Change it back ? >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> ------------------------------ >>> >> >>> >> Message: 10 >>> >> Date: Fri, 01 Dec 2006 17:53:22 +0100 >>> >> From: koniczynek <koniczynek at uaznia.net> >>> >> Subject: Re: Memory usage >>> >> To: "General discussion list for the Fedora Directory server >>> project." >>> >> <fedora-directory-users at redhat.com> >>> >> Message-ID: <45705E02.7020709 at uaznia.net> >>> >> Content-Type: text/plain; charset=ISO-8859-2 >>> >> >>> >> David Boreham, dnia 2006-12-01 17:15 napisal: >>> >> >> Lets say I heven't got much time lately so without thinking I've >>> >> >> changed in dse.ldif >>> >> >> nsslapd-import-cache-autosize from -1 to 1 and after restarting >>> I've >>> >> >> started to receive errors like: "3 Time limit exceeded" Someone do >>> >> >> know what to do? ;) >>> >> > Change it back ? >>> >> man, please, show some respect ;) I did change it back, but to no >>> avail. >>> >> Also I can say (to stop further questions): yes, I've stopped the >>> server >>> >> before change. >>> >> >>> >> -- >>> >> email/xmpp: koniczynek at uaznia.net >>> >> >>> >> >>> >> >>> >> ------------------------------ >>> >> >>> >> -- >>> >> Fedora-directory-users mailing list >>> >> Fedora-directory-users at redhat.com >>> >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> >> >>> >> >>> >> End of Fedora-directory-users Digest, Vol 19, Issue 1 >>> >> ***************************************************** >>> > >>> > _________________________________________________________________ >>> > Off to school, going on a trip, or moving? Windows Live (MSN) >>> > Messenger lets you stay in touch with friends and family wherever you >>> > go. Click here to find out how to sign up! >>> > http://www.telusmobility.com/msnxbox/ >>> > >>> > -- >>> > Fedora-directory-users mailing list >>> > Fedora-directory-users at redhat.com >>> > https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> -------------- next part -------------- >>> A non-text attachment was scrubbed... >>> Name: smime.p7s >>> Type: application/x-pkcs7-signature >>> Size: 3178 bytes >>> Desc: S/MIME Cryptographic Signature >>> Url : >>> https://www.redhat.com/archives/fedora-directory-users/attachments/20061201/7d15c5b4/smime.bin >>> >>> >>> ------------------------------ >>> >>> Message: 2 >>> Date: Fri, 01 Dec 2006 15:23:28 -0800 >>> From: To Ngan <tngan at redhat.com> >>> Subject: Re: AD + FDS sync stops working? >>> To: "General discussion list for the Fedora Directory server project." >>> <fedora-directory-users at redhat.com> >>> Message-ID: <4570B970.3070901 at redhat.com> >>> Content-Type: text/plain; charset="windows-1252" >>> >>> Dan Oglesby wrote: >>> > I tried the following: >>> > >>> > In windows registry->HKLM->Software->PasswordSync, try add string >>> value ?Log >>> > Level? and set it to ?1?. Restart the passsync service. This should >>> log >>> > all transactions and errors. Turn this back to "0" and restart >>> passsync >>> > after troubleshooting. >>> > >>> > All I see in the log is this: >>> > >>> > 11/30/06 09:12:58: begin log >>> > 11/30/06 09:12:59: 0 new entries loaded from file >>> > 11/30/06 09:14:20: 0 new entries loaded from file >>> > 11/30/06 09:14:20: 0 entries saved to file >>> > 11/30/06 09:14:20: end log >>> > 11/30/06 09:14:22: begin log >>> > 11/30/06 09:14:22: 0 new entries loaded from file >>> > >>> > That?s after restarting the passsync service twice, and changing a >>> user?s >>> > password in AD four times. >>> > >>> >>> Hmm... 2 Windows sync stopped working together after 6 months. Any cert >>> on AD or DS side expired? >>> -- >>> toto >>> >>> -------------- next part -------------- >>> A non-text attachment was scrubbed... >>> Name: smime.p7s >>> Type: application/x-pkcs7-signature >>> Size: 3233 bytes >>> Desc: S/MIME Cryptographic Signature >>> Url : >>> https://www.redhat.com/archives/fedora-directory-users/attachments/20061201/b9f1ea83/smime.bin >>> >>> >>> ------------------------------ >>> >>> Message: 3 >>> Date: Sat, 02 Dec 2006 09:28:17 +0100 >>> From: koniczynek <koniczynek at uaznia.net> >>> Subject: Re: Memory usage >>> To: "General discussion list for the Fedora Directory server project." >>> <fedora-directory-users at redhat.com> >>> Message-ID: <45713921.1080009 at uaznia.net> >>> Content-Type: text/plain; charset=ISO-8859-2 >>> >>> Richard Megginson, dnia 2006-12-01 18:00 napisal: >>> >> man, please, show some respect ;) I did change it back, but to no >>> avail. >>> >> Also I can say (to stop further questions): yes, I've stopped the >>> server >>> >> before change. >>> >> >>> > What types of searches are returning time limit exceeded? Can you post >>> > relevant excerpts from the access and error logs? >>> I'm "benchmarking" my FDS with "ldapsearch -x" and earlier it worked and >>> now it does not. In error logs there were "err=3" but I don't remember >>> much more and I'll have access to the logs on Monday, so till then, only >>> I can provide only this information (because I do not remember anything >>> more ;) ) >>> >>> -- >>> email/xmpp: koniczynek at uaznia.net >>> >>> >>> >>> ------------------------------ >>> >>> -- >>> Fedora-directory-users mailing list >>> Fedora-directory-users at redhat.com >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> >>> >>> End of Fedora-directory-users Digest, Vol 19, Issue 3 >>> ***************************************************** >> >> _________________________________________________________________ >> Off to school, going on a trip, or moving? Windows Live (MSN) >> Messenger lets you stay in touch with friends and family wherever you >> go. Click here to find out how to sign up! >> http://www.telusmobility.com/msnxbox/ >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users > > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users -- email/xmpp: koniczynek at uaznia.net
