It may be that AD doesn't support proxied auth, in which case you should tell chaining to disable it. See http://www.redhat.com/docs/manuals/dir-server/ag/7.1/entry_dist.html#21180 for more information - the pertinent attribute is nsProxiedAuthorization Brian Smith wrote: > All, > Here's what I've now done to enable the AD Back end DB for a sub tree: > 1. Click configuration and select the "dc=domain,dc=com" tree. > 2. Right click "dc=domain,dc=com" tree and select new sub suffix > 3. In New Suffix box, typed "ou=subsuffix1" and unchecked create > associated database automatically and click OK. > 4. Open "dc=domain,dc=com" and right click > "ou=subsuffix1,dc=domain,dc=com, and select "new database link. > 5. Here, I put Database link name "subsuffix1", put the bind dn and > password of a domain user account in my AD, and put the domain > controller ip in the remote server box and clicked save. (I can > connect to my AD with the DN I provided here) > 6. Check enable this suffix under ou=subsuffix1,dc=worldpub,dc=corp > > now subsuffix1 database appears under ou=subsuffix1,dc=domain,dc=com. > If I now go to the directory tab, and select the directory entry, i > get critical extension unavailable and if i use an ldap browser i get > list failed on the main tree. Did i miss a step? If I disable the > ou=subsuffix1,dc=domain,dc=com suffix i can browse the tree no > problem. Thanks! > Brian Smith > > > > Sergio Diaz wrote: >> >> FDS, OpenLDAP and AD >> >> One Directory FDS.....i want this directions to... >> Chaining Backend... >> >> Regards, >> Sergio >> >> On Mon, 2006-10-02 at 14:12 -0400, Brian Smith wrote: >>> Hello all, I've been working on getting chaining working with an active >>> directory back end for a week now. Has anyone successfully done this or >>> have directions on setting this up? >>> >>> Brian Smith >>> >>> Howard Chu wrote: >>> > >>> >> Date: Mon, 02 Oct 2006 10:01:55 -0600 >>> >> From: Richard Megginson <rmeggins at redhat.com <mailto:rmeggins at redhat.com>> >>> > >>> >> Sergio Diaz wrote: >>> >>> Hi Richard; >>> >>> >>> >>> Openldap: >>> >>> >>> >>> The *meta* backend to *slapd(8) >>> >>> <http://docsrv.caldera.com:8457/cgi-bin/man?mansearchword=slapd&mansection=8 <http://docsrv.caldera.com:8457/cgi-bin/man?mansearchword=slapd&mansection=8>>* >>> >>> performs basic LDAP proxying with respect >>> >>> to a set of remote LDAP servers, called "targets". The >>> >>> information >>> >>> contained in these servers can be presented as belonging >>> >>> to a single >>> >>> Directory Information Tree (DIT). >>> >>> >>> >>> Its possible with FDS ?? >>> >>> >>> >> FDS has a chaining backend which allows you to use another LDAP >>> >> server to store the data. >>> > >>> > It sounds like the FDS chaining backend is similar to OpenLDAP >>> > back-ldap and/or the chaining overlay. In OpenLDAP back-ldap forwards >>> > a request to one other server (at a time; multiple servers can be >>> > configured but the others will only be used if the first server cannot >>> > be contacted). The back-meta backend is a superset of back-ldap, it >>> > can fanout single requests to multiple servers in parallel and >>> > aggregate the results. (There's also attribute mapping and DN >>> > rewriting, but those capabilities are no longer unique to back-meta, >>> > having been moved into the rewrite overlay.) With these modules you >>> > can stitch together a variety of heterogeneous directories into a >>> > coherent virtual directory. >>> > >>> >>> Regards!! >>> >>> Sergio >>> >>> >>> >>> >>> >>> On Mon, 2006-10-02 at 07:25 -0600, Richard Megginson wrote: >>> >>>> Sergio Diaz wrote: >>> >>>>> Hi People, >>> >>>>> >>> >>>>> Its Possible Sync only in One Way ? >>> >>>>> Users Windows AD -> FDS. >>> >>>> No, not really. >>> >>>>> Or the other scenario its like OpenLDAP have a Meta Backend (2 >>> >>>>> LDAPs, 1 AD), its possible with FDS ? >>> >>>> It's possible. What does the meta backend do? >>> >>>>> >>> >>>>> Regards, >>> >>>>> Sergio >>> > >>> > >>> >>> -- >>> Fedora-directory-users mailing list >>> Fedora-directory-users at redhat.com <mailto:Fedora-directory-users at redhat.com> >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20061002/83c95381/attachment.bin
