Getting ready to upgrade from fds 1.0.1 to 1.0.2

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Here is what 00core.ldif looks like (I'm sorry, but this is very foreign
to me; does this look okay)?  Thanks again.

Aaron

cat 00core.ldif | more | grep -i passwordMaxrepeats
attributeTypes: ( 2.16.840.1.113730.3.1.2081 NAME ( 'passwordMaxRepeats'
'pwdMaxRepeats' ) DESC 'Netscape defined password policy attribute type'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape
Directory Server' )
objectClasses: ( 2.16.840.1.113730.3.2.13 NAME 'passwordPolicy' DESC
'Netscape defined password policy objectclass' SUP top MAY (
passwordMaxAge $ passwordExp $ passwordMinLength $ passwordKeepHistory $
passwordInHistory $ passwordChange $ passwordWarning $ passwordLockout $
passwordMaxFailure $ passwordResetDuration $ passwordUnlock $
passwordLockoutDuration $ passwordCheckSyntax $ passwordMustChange $
passwordStorageScheme $ passwordMinAge $ passwordResetFailureCount $
passwordGraceLimit $ passwordMinDigits $ passwordMinAlphas $
passwordMinUppers $ passwordMinLowers $ passwordMinSpecials $
passwordMin8bit $ passwordMaxRepeats $ passwordMinCategories $
passwordMinTokenLength ) X-ORIGIN 'Netscape Directory Server' ) 

-----Original Message-----
From: fedora-directory-users-bounces at redhat.com
[mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Richard
Megginson
Sent: Wednesday, March 15, 2006 9:42 AM
To: General discussion list for the Fedora Directory server project.
Subject: Re: Getting ready to upgrade from fds
1.0.1 to 1.0.2

Bliss, Aaron wrote:

>Is there any easy way that I can verify that the schemas have been 
>updated properly?  Thanks.
>  
>
Yes.  See if your slapd-instance/config/schema/00core.ldif file has
definitions for these attributes:
passwordMinDigits $ passwordMinAlphas $ passwordMinUppers $
passwordMinLowers $ passwordMinSpecials $ passwordMin8bit $
passwordMaxRepeats $ passwordMinCategories $ passwordMinTokenLength

>Aaron
>
>-----Original Message-----
>From: Bliss, Aaron
>Sent: Tuesday, March 14, 2006 1:34 PM
>To: 'General discussion list for the Fedora Directory server project.'
>Subject: RE: Getting ready to upgrade from fds
>1.0.1 to 1.0.2
>
>I believe this is what your looking for, here is an example when I 
>intentionally attempt to break the password rules:
>[13/Mar/2006:22:19:42 -0500] conn=1073 op=10 RESULT err=19 tag=103 
>nentries=0 et ime=0
>[13/Mar/2006:22:19:42 -0500] conn=1073 op=10 MOD 
>dn="uid=awbtest,ou=users,dc=pre ferredcare,dc=org", invalid password 
>syntax
>
>Here is the error that occurred during the upgrade (I wouldn't worry 
>too much about the entries below that reference fds1 instead of 
>al-lnx-s11, I manually typed that after pasting the error log, as I 
>wasn't comfortable displaying the real server name, but it doesn't 
>really matter now, the real server name is al-lnx-s11)
>
>[13/Mar/2006:21:15:56 -0500] conn=0 op=3 RESULT err=0 tag=101 
>nentries=1 etime=0
>[13/Mar/2006:21:15:56 -0500] conn=0 op=4 BIND dn="uid=admin, 
>ou=Administrators, ou=TopologyManagement, o=NetscapeRoot" method=128
>version=3
>[13/Mar/2006:21:15:56 -0500] conn=0 op=5 SRCH 
>base="cn=al-lnx-s11.preferredcare.
>org, ou=preferredcare.org, o=NetscapeRoot" scope=2 
>filter="(&(objectClass=nsAppl 
>ication)(nsNickName=slapd)(nsInstalledLocation=/opt/fedora-ds))"
>attrs="* aci pa sswordExpirationTime passwordExpWarned 
>passwordRetryCount retryCountResetTime ac countUnlockTime 
>passwordHistory passwordAllowChangeTime nsUniqueId nsLookThrough Limit 
>nsSizeLimit nsTimeLimit nsIdleTimeout nsRole nsRoleDN nsAccountLock"
>[13/Mar/2006:21:15:56 -0500] conn=0 op=4 RESULT err=0 tag=97 nentries=0

>etime=0 
>dn="uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot"
>[13/Mar/2006:21:15:56 -0500] conn=0 op=5 RESULT err=0 tag=101 
>nentries=1 etime=0
>[13/Mar/2006:21:15:56 -0500] conn=0 op=6 SRCH base="cn=Fedora Directory

>Server, cn=Server Group, cn=al-lnx-s11.preferredcare.org, 
>ou=preferredcare.org, o=Netsca peRoot" scope=0 filter="(objectClass=*)"
>attrs="* aci passwordExpirationTime pas swordExpWarned 
>passwordRetryCount retryCountResetTime accountUnlockTime password 
>History passwordAllowChangeTime nsUniqueId nsLookThroughLimit 
>nsSizeLimit nsTime Limit nsIdleTimeout nsRole nsRoleDN nsAccountLock"
>[13/Mar/2006:21:15:56 -0500] conn=0 op=6 RESULT err=0 tag=101 
>nentries=1 etime=0
>[13/Mar/2006:21:15:56 -0500] conn=0 op=7 MOD dn="cn=Fedora Directory 
>Server, cn= Server Group, cn=al-lnx-s11.preferredcare.org, 
>ou=preferredcare.org, o=NetscapeR oot"
>[13/Mar/2006:21:15:56 -0500] conn=0 op=7 RESULT err=0 tag=103 
>nentries=0 etime=0
>[13/Mar/2006:21:15:56 -0500] conn=0 op=8 SRCH base="cn=Fedora Directory

>Server, cn=Server Group, cn=al-lnx-s11.preferredcare.org, 
>ou=preferredcare.org, o=Netsca peRoot" scope=1 
>filter="(objectClass=nsDirectoryServer)" attrs="* aci passwordEx 
>pirationTime passwordExpWarned passwordRetryCount retryCountResetTime 
>accountUnl ockTime passwordHistory passwordAllowChangeTime nsUniqueId 
>nsLookThroughLimit ns SizeLimit nsTimeLimit nsIdleTimeout nsRole 
>nsRoleDN nsAccountLock"
>[13/Mar/2006:21:15:56 -0500] conn=0 op=8 RESULT err=0 tag=101 
>nentries=1 etime=0
>[13/Mar/2006:21:15:56 -0500] conn=0 op=9 SRCH 
>base="cn=slapd-al-lnx-s11, cn=Fedo ra Directory Server, cn=Server 
>Group, cn=al-lnx-s11.preferredcare.org, ou=prefer redcare.org,
o=NetscapeRoot"
>scope=0 filter="(objectClass=*)" attrs="* aci passw ordExpirationTime 
>passwordExpWarned passwordRetryCount retryCountResetTime accou 
>ntUnlockTime passwordHistory passwordAllowChangeTime nsUniqueId 
>nsLookThroughLim it nsSizeLimit nsTimeLimit nsIdleTimeout nsRole 
>nsRoleDN nsAccountLock"
>[13/Mar/2006:21:15:56 -0500] conn=0 op=9 RESULT err=0 tag=101 
>nentries=1 etime=0
>[13/Mar/2006:21:15:56 -0500] conn=0 op=10 SRCH 
>base="cn=slapd-al-lnx-s11,cn=Fedo ra Directory Server,cn=Server 
>Group,cn=al-lnx-s11.preferredcare.org,ou=preferred
>care.org,o=NetscapeRoot" scope=0 filter="(objectClass=*)" attrs="* aci 
>passwordE xpirationTime passwordExpWarned passwordRetryCount 
>retryCountResetTime accountUn lockTime passwordHistory 
>passwordAllowChangeTime nsUniqueId nsLookThroughLimit n sSizeLimit 
>nsTimeLimit nsIdleTimeout nsRole nsRoleDN nsAccountLock"
>[13/Mar/2006:21:15:56 -0500] conn=0 op=10 RESULT err=0 tag=101
>nentries=1 etime= 0
>[13/Mar/2006:21:15:56 -0500] conn=0 op=11 RESULT err=19 tag=103 
>nentries=0 etime =0
>[13/Mar/2006:21:15:56 -0500] conn=0 op=11 MOD 
>dn="cn=slapd-al-lnx-s11,cn=Fedora Directory Server,cn=Server 
>Group,cn=al-lnx-s11.preferredcare.org,ou=preferredcar
>e.org,o=NetscapeRoot", invalid password syntax
> 
>
>-----Original Message-----
>From: fedora-directory-users-bounces at redhat.com
>[mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Richard

>Megginson
>Sent: Tuesday, March 14, 2006 10:06 AM
>To: General discussion list for the Fedora Directory server project.
>Subject: Re: Getting ready to upgrade from fds
>1.0.1 to 1.0.2
>
>Bliss, Aaron wrote:
>
>  
>
>>I've been able to reproduce; after setting the new password policy 
>>(require 1 digit, 1 special, etc) and then I attempt to use a password

>>that isn't compliant, this error is logged and the users new password 
>>is not accepted.
>>[13/Mar/2006:22:19:42 -0500] conn=1073 op=10 RESULT err=19 tag=103 
>>nentries=0 etime=0
>> 
>>
>>    
>>
>Can you find out what this operation is?  It's either an ADD or MOD - 
>just search before that line for "conn=1073 op=10".  I'd like to know 
>what the DN is.
>
>  
>
>>So, it looks like everything is working like it is suppose to....it's 
>>still interesting that I received that error during the upgrade....
>>
>>Aaron
>>
>>-----Original Message-----
>>From: fedora-directory-users-bounces at redhat.com
>>[mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Bliss,

>>Aaron
>>Sent: Monday, March 13, 2006 10:04 PM
>>To: General discussion list for the Fedora Directory server project.
>>Subject: RE: Getting ready to upgrade from 
>>fds
>>1.0.1 to 1.0.2
>>
>>It only seems to be in the access log 1 time; looks like it only 
>>happened during the upgrade
>>[13/Mar/2006:21:15:56 -0500] conn=0 op=11 RESULT err=19 tag=103 
>>nentries=0 etime=0 Is there an easy way to verify that the new 
>>password
>>    
>>
>
>  
>
>>schema is being used?
>>
>>Thanks.
>>Aaron
>>
>>-----Original Message-----
>>From: fedora-directory-users-bounces at redhat.com
>>[mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of 
>>Richard
>>    
>>
>
>  
>
>>Megginson
>>Sent: Monday, March 13, 2006 9:54 PM
>>To: General discussion list for the Fedora Directory server project.
>>Cc: Bliss, Aaron
>>Subject: Re: Getting ready to upgrade from 
>>fds
>>1.0.1 to 1.0.2
>>
>>Bliss, Aaron wrote:
>>
>> 
>>
>>    
>>
>>>Well, I upgraded the fds rpm; after a reboot all looks okay, however 
>>>I
>>>      
>>>
>
>  
>
>>>noticed this information in the setup logfile; is this indicative
that
>>>something failed to update properly?    Perhaps the new schema files?
>>>How can I verify that the new schema files are in use?  Thanks very 
>>>much.
>>>
>>>Start Slapd Starting Slapd server reconfiguration.
>>>Fatal Slapd ERROR: Could not update Directory Server Instance URL 
>>>ldap://fds1.preferredcare.org:389/o=NetscapeRoot user id admin DN 
>>>cn=slapd-al-lnx-s11,cn=Fedora Directory Server,cn=Server 
>>>Group,cn=fds1.preferredcare.org,ou=preferredcare.org,o=NetscapeRoot
>>>(19:Constraint violation)
>>>Configuring Administration Server...
>>>InstallInfo: Apache Directory "ApacheDir" is missing. 
>>>
>>>The proper fds version is disaplyed in the display console, and the 
>>>new
>>>   
>>>
>>>      
>>>
>> 
>>
>>    
>>
>>>password enforcement options seem to be available.
>>>
>>>
>>>   
>>>
>>>      
>>>
>>Check your directory server access log - look for err=19 - constraint 
>>violation - to see which operation it's complaining about.
>>
>> 
>>
>>    
>>
>>>Aaron
>>>-----Original Message-----
>>>From: Bliss, Aaron
>>>Sent: Monday, March 13, 2006 2:08 PM
>>>To: 'General discussion list for the Fedora Directory server
project.'
>>>Subject: RE: Getting ready to upgrade from 
>>>fds
>>>1.0.1 to 1.0.2
>>>
>>>Ah, thanks again.
>>>
>>>Aaron
>>>
>>>-----Original Message-----
>>>From: fedora-directory-users-bounces at redhat.com
>>>[mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of 
>>>Richard
>>>   
>>>
>>>      
>>>
>> 
>>
>>    
>>
>>>Megginson
>>>Sent: Monday, March 13, 2006 2:08 PM
>>>To: General discussion list for the Fedora Directory server project.
>>>Subject: Re: Getting ready to upgrade from 
>>>fds
>>>1.0.1 to 1.0.2
>>>
>>>Bliss, Aaron wrote:
>>>
>>>
>>>
>>>   
>>>
>>>      
>>>
>>>>Thanks;  just so I understand, I have to run the setup script even 
>>>>though my databases have already been configured?  I did not have to

>>>>do
>>>>  
>>>>
>>>>     
>>>>
>>>>        
>>>>
>>>   
>>>
>>>      
>>>
>>>>this on my test box in order to upgrade.  Thanks.
>>>>
>>>>
>>>>  
>>>>
>>>>     
>>>>
>>>>        
>>>>
>>>Setup will copy in the new schema files required to use the new 
>>>password syntax checking, so if you skip that, you'll have to copy 
>>>them
>>>   
>>>
>>>      
>>>
>> 
>>
>>    
>>
>>>in manually.  Setup will also make sure the console reports the 
>>>correct
>>>   
>>>
>>>      
>>>
>> 
>>
>>    
>>
>>>version of directory server.
>>>
>>>
>>>
>>>   
>>>
>>>      
>>>
>>>>Aaron
>>>>
>>>>-----Original Message-----
>>>>From: fedora-directory-users-bounces at redhat.com
>>>>[mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of 
>>>>Richard
>>>>  
>>>>
>>>>     
>>>>
>>>>        
>>>>
>>>   
>>>
>>>      
>>>
>>>>Megginson
>>>>Sent: Monday, March 13, 2006 1:59 PM
>>>>To: General discussion list for the Fedora Directory server project.
>>>>Subject: Re: Getting ready to upgrade from 
>>>>fds
>>>>1.0.1 to 1.0.2
>>>>
>>>>Bliss, Aaron wrote:
>>>>
>>>>
>>>>
>>>>  
>>>>
>>>>     
>>>>
>>>>        
>>>>
>>>>>I'm planning on upgrading both my supplier and consumer fds servers

>>>>>tonight; do I need to worry about their server certificates?  I'll 
>>>>>just
>>>>> 
>>>>>
>>>>>    
>>>>>
>>>>>       
>>>>>
>>>>>          
>>>>>
>>>>  
>>>>
>>>>     
>>>>
>>>>        
>>>>
>>>>>be running rpm -Uvh fedora....Thanks very much.
>>>>>
>>>>>
>>>>> 
>>>>>
>>>>>    
>>>>>
>>>>>       
>>>>>
>>>>>          
>>>>>
>>>>Upgrade shouldn't touch any ssl information.
>>>>
>>>>After doing the rpm -U, do cd /opt/fedora-ds ; ./setup/setup and 
>>>>follow
>>>>  
>>>>
>>>>     
>>>>
>>>>        
>>>>
>>>   
>>>
>>>      
>>>
>>>>the prompts.
>>>>
>>>>
>>>>
>>>>  
>>>>
>>>>     
>>>>
>>>>        
>>>>
>>>>>Aaron
>>>>>
>>>>>www.preferredcare.org
>>>>>"An Outstanding Member Experience," Preferred Care HMO Plans -- J.
>>>>>          
>>>>>
>D.
>  
>
>>>>>       
>>>>>
>>>>>          
>>>>>
>> 
>>
>>    
>>
>>>>>Power and Associates
>>>>>
>>>>>Confidentiality Notice:
>>>>>The information contained in this electronic message is intended 
>>>>>for
>>>>> 
>>>>>
>>>>>    
>>>>>
>>>>>       
>>>>>
>>>>>          
>>>>>
>>>>the exclusive use of the individual or entity named above and may 
>>>>contain privileged or confidential information.  If the reader of 
>>>>this
>>>>     
>>>>
>>>>        
>>>>
>> 
>>
>>    
>>
>>>>message is not the intended recipient or the employee or agent 
>>>>responsible to deliver it to the intended recipient, you are hereby 
>>>>notified that dissemination, distribution or copying of this 
>>>>information is prohibited.  If you have received this communication 
>>>>in
>>>>     
>>>>
>>>>        
>>>>
>> 
>>
>>    
>>
>>>>error, please notify the sender immediately by telephone and destroy

>>>>the copies you received.
>>>>
>>>>
>>>>  
>>>>
>>>>     
>>>>
>>>>        
>>>>
>>>>>--
>>>>>Fedora-directory-users mailing list 
>>>>>Fedora-directory-users at redhat.com
>>>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>>
>>>>>
>>>>> 
>>>>>
>>>>>    
>>>>>
>>>>>       
>>>>>
>>>>>          
>>>>>
>>>>www.preferredcare.org
>>>>"An Outstanding Member Experience," Preferred Care HMO Plans -- J.
D.
>>>>        
>>>>
>
>  
>
>>>>Power and Associates
>>>>
>>>>Confidentiality Notice:
>>>>The information contained in this electronic message is intended for
>>>>  
>>>>
>>>>     
>>>>
>>>>        
>>>>
>>>the exclusive use of the individual or entity named above and may 
>>>contain privileged or confidential information.  If the reader of 
>>>this
>>>      
>>>
>
>  
>
>>>message is not the intended recipient or the employee or agent 
>>>responsible to deliver it to the intended recipient, you are hereby 
>>>notified that dissemination, distribution or copying of this 
>>>information is prohibited.  If you have received this communication 
>>>in
>>>      
>>>
>
>  
>
>>>error, please notify the sender immediately by telephone and destroy 
>>>the copies you received.
>>>
>>>
>>>   
>>>
>>>      
>>>
>>>>--
>>>>Fedora-directory-users mailing list
>>>>Fedora-directory-users at redhat.com
>>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>
>>>>
>>>>  
>>>>
>>>>     
>>>>
>>>>        
>>>>
>>>www.preferredcare.org
>>>"An Outstanding Member Experience," Preferred Care HMO Plans -- J. D.

>>>Power and Associates
>>>
>>>Confidentiality Notice:
>>>The information contained in this electronic message is intended for
>>>   
>>>
>>>      
>>>
>>the exclusive use of the individual or entity named above and may 
>>contain privileged or confidential information.  If the reader of this

>>message is not the intended recipient or the employee or agent 
>>responsible to deliver it to the intended recipient, you are hereby 
>>notified that dissemination, distribution or copying of this 
>>information is prohibited.  If you have received this communication in

>>error, please notify the sender immediately by telephone and destroy 
>>the copies you received.
>> 
>>
>>    
>>
>>>--
>>>Fedora-directory-users mailing list
>>>Fedora-directory-users at redhat.com
>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>
>>>
>>>   
>>>
>>>      
>>>
>>www.preferredcare.org
>>"An Outstanding Member Experience," Preferred Care HMO Plans -- J. D.
>>Power and Associates
>>
>>Confidentiality Notice:
>>The information contained in this electronic message is intended for 
>>the exclusive use of the individual or entity named above and may 
>>contain privileged or confidential information.  If the reader of this

>>message is not the intended recipient or the employee or agent 
>>responsible to deliver it to the intended recipient, you are hereby 
>>notified that dissemination, distribution or copying of this 
>>information is prohibited.  If you have received this communication in

>>error, please notify the sender immediately by telephone and destroy 
>>the copies you received.
>>
>>
>>--
>>Fedora-directory-users mailing list
>>Fedora-directory-users at redhat.com
>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>>
>>--
>>Fedora-directory-users mailing list
>>Fedora-directory-users at redhat.com
>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>> 
>>
>>    
>>
>
>
>www.preferredcare.org
>"An Outstanding Member Experience," Preferred Care HMO Plans -- J. D. 
>Power and Associates
>
>Confidentiality Notice:
>The information contained in this electronic message is intended for
the exclusive use of the individual or entity named above and may
contain privileged or confidential information.  If the reader of this
message is not the intended recipient or the employee or agent
responsible to deliver it to the intended recipient, you are hereby
notified that dissemination, distribution or copying of this information
is prohibited.  If you have received this communication in error, please
notify the sender immediately by telephone and destroy the copies you
received.
>
>
>--
>Fedora-directory-users mailing list
>Fedora-directory-users at redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>  
>


www.preferredcare.org
"An Outstanding Member Experience," Preferred Care HMO Plans -- J. D. Power and Associates

Confidentiality Notice:
The information contained in this electronic message is intended for the exclusive use of the individual or entity named above and may contain privileged or confidential information.  If the reader of this message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited.  If you have received this communication in error, please notify the sender immediately by telephone and destroy the copies you received.





[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux