FDS and AD

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 10/13/06, Richard Megginson <rmeggins at redhat.com> wrote:
>
> Sergio Diaz wrote:
> > Hi all,
> >
> > I successfully connect the AD Back End DB to FDS like Brian Smith,  i
> > disable the nsProxiedAuthorization (comment by Richard Meggison) in
> > Plugins->Chaining Database->AD (is the name of my Sub Suffix), but i
> > cant Browse the Directory "Critical Extension unavailable".
> I don't understand.  You can't "Browse" the directory, but you can
> search Users and Groups?


Yes. Look the ScreenShots -> SearchAD.png and BrowseCritical.png
In the Console i can Search Users from AD or FDS.
In the Directory Sever in TAB Directory i cant Browse the Settings of my
Domain (Critical Extension Unavailable)

Map Attributes No.
OK


> >
> > Its possible to Link the Database of the AD only for Read ?
> You might be able to set the Chaining Database to be readonly in its
> settings.


In wich part i can do this ?


Regards,
Sergio

> I like to write a Howto for this settings.
> >
> > Regards,
> > Sergio
> >
> >
> >
> >
> >
> >
> > On 10/2/06, *Richard Megginson* <rmeggins at redhat.com
> > <mailto:rmeggins at redhat.com>> wrote:
> >
> >     It may be that AD doesn't support proxied auth, in which case you
> >     should
> >     tell chaining to disable it.  See
> >
> http://www.redhat.com/docs/manuals/dir-server/ag/7.1/entry_dist.html#21180
> >     <
> http://www.redhat.com/docs/manuals/dir-server/ag/7.1/entry_dist.html#21180
> >
> >     for more information - the pertinent attribute is
> >     nsProxiedAuthorization
> >
> >     Brian Smith wrote:
> >     > All,
> >     > Here's what I've now done to enable the AD Back end DB for a sub
> >     tree:
> >     > 1.   Click configuration and select the "dc=domain,dc=com" tree.
> >     > 2.   Right click "dc=domain,dc=com" tree and select new sub suffix
> >     > 3.   In New Suffix box, typed "ou=subsuffix1" and unchecked create
> >     > associated database automatically and click OK.
> >     > 4.   Open "dc=domain,dc=com" and right click
> >     > "ou=subsuffix1,dc=domain,dc=com, and select "new database link.
> >     > 5.   Here, I put Database link name "subsuffix1", put the bind
> >     dn and
> >     > password of a domain user account in my AD, and put the domain
> >     > controller ip in the remote server box and clicked save. (I can
> >     > connect to my AD with the DN I provided here)
> >     > 6.   Check enable this suffix under
> >     ou=subsuffix1,dc=worldpub,dc=corp
> >     >
> >     > now subsuffix1 database appears under
> >     ou=subsuffix1,dc=domain,dc=com.
> >     > If I now go to the directory tab, and select the directory entry,
> i
> >     > get critical extension unavailable and if i use an ldap browser
> >     i get
> >     > list failed on the main tree.  Did i miss a step?  If I disable
> the
> >     > ou=subsuffix1,dc=domain,dc=com suffix i can browse the tree no
> >     > problem.  Thanks!
> >     > Brian Smith
> >     >
> >     >
> >     >
> >     > Sergio Diaz wrote:
> >     >>
> >     >> FDS, OpenLDAP and AD
> >     >>
> >     >> One Directory FDS.....i want this directions to...
> >     >> Chaining Backend...
> >     >>
> >     >> Regards,
> >     >> Sergio
> >     >>
> >     >> On Mon, 2006-10-02 at 14:12 -0400, Brian Smith wrote:
> >     >>> Hello all, I've been working on getting chaining working with
> >     an active
> >     >>> directory back end for a week now.  Has anyone successfully
> >     done this or
> >     >>> have directions on setting this up?
> >     >>>
> >     >>>  Brian Smith
> >     >>>
> >     >>> Howard Chu wrote:
> >     >>> >
> >     >>> >> Date: Mon, 02 Oct 2006 10:01:55 -0600
> >     >>> >> From: Richard Megginson <rmeggins at redhat.com
> >     <mailto:rmeggins at redhat.com> <mailto:rmeggins at redhat.com
> >     <mailto:rmeggins at redhat.com>>>
> >     >>> >
> >     >>> >> Sergio Diaz wrote:
> >     >>> >>> Hi Richard;
> >     >>> >>>
> >     >>> >>> Openldap:
> >     >>> >>>
> >     >>> >>>   The  *meta* backend to *slapd(8)
> >     >>> >>> <
> >
> http://docsrv.caldera.com:8457/cgi-bin/man?mansearchword=slapd&mansection=8
> >     <
> http://docsrv.caldera.com:8457/cgi-bin/man?mansearchword=slapd&mansection=8
> >
> >     <
> >
> http://docsrv.caldera.com:8457/cgi-bin/man?mansearchword=slapd&mansection=8
> >     <
> http://docsrv.caldera.com:8457/cgi-bin/man?mansearchword=slapd&mansection=8
> >>>*
> >     >>> >>> performs basic LDAP proxying with respect
> >     >>> >>>        to a set of remote LDAP
> >     servers,  called  "targets".   The
> >     >>> >>> information
> >     >>> >>>        contained  in  these  servers can be presented as
> >     belonging
> >     >>> >>> to a single
> >     >>> >>>        Directory Information Tree (DIT).
> >     >>> >>>
> >     >>> >>> Its possible with FDS ??
> >     >>> >>>
> >     >>> >> FDS has a chaining backend which allows you to use another
> LDAP
> >     >>> >> server to store the data.
> >     >>> >
> >     >>> > It sounds like the FDS chaining backend is similar to OpenLDAP
> >     >>> > back-ldap and/or the chaining overlay. In OpenLDAP back-ldap
> >     forwards
> >     >>> > a request to one other server (at a time; multiple servers
> >     can be
> >     >>> > configured but the others will only be used if the first
> >     server cannot
> >     >>> > be contacted). The back-meta backend is a superset of
> >     back-ldap, it
> >     >>> > can fanout single requests to multiple servers in parallel and
> >     >>> > aggregate the results. (There's also attribute mapping and DN
> >     >>> > rewriting, but those capabilities are no longer unique to
> >     back-meta,
> >     >>> > having been moved into the rewrite overlay.) With these
> >     modules you
> >     >>> > can stitch together a variety of heterogeneous directories
> >     into a
> >     >>> > coherent virtual directory.
> >     >>> >
> >     >>> >>> Regards!!
> >     >>> >>> Sergio
> >     >>> >>>
> >     >>> >>>
> >     >>> >>> On Mon, 2006-10-02 at 07:25 -0600, Richard Megginson wrote:
> >     >>> >>>> Sergio Diaz wrote:
> >     >>> >>>>> Hi People,
> >     >>> >>>>>
> >     >>> >>>>> Its Possible Sync only in One Way ?
> >     >>> >>>>> Users Windows AD -> FDS.
> >     >>> >>>> No, not really.
> >     >>> >>>>> Or the other scenario its like OpenLDAP have a Meta
> >     Backend (2
> >     >>> >>>>> LDAPs, 1 AD), its possible with FDS ?
> >     >>> >>>> It's possible. What does the meta backend do?
> >     >>> >>>>>
> >     >>> >>>>> Regards,
> >     >>> >>>>> Sergio
> >     >>> >
> >     >>> >
> >     >>>
> >     >>> --
> >     >>> Fedora-directory-users mailing list
> >     >>> Fedora-directory-users at redhat.com
> >     <mailto:Fedora-directory-users at redhat.com>
> >     <mailto:Fedora-directory-users at redhat.com
> >     <mailto:Fedora-directory-users at redhat.com>>
> >     >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >     >>>
> >     >
> >
> ------------------------------------------------------------------------
> >
> >     >
> >     > --
> >     > Fedora-directory-users mailing list
> >     > Fedora-directory-users at redhat.com
> >     <mailto:Fedora-directory-users at redhat.com>
> >     > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >     >
> >
> >
> >     --
> >     Fedora-directory-users mailing list
> >     Fedora-directory-users at redhat.com
> >     <mailto:Fedora-directory-users at redhat.com>
> >     https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >
> >
> >
> >
> > ------------------------------------------------------------------------
> >
> > --
> > Fedora-directory-users mailing list
> > Fedora-directory-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20061013/ea4eb333/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SearchAD.png
Type: image/png
Size: 90003 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20061013/ea4eb333/attachment.png 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: BrowseCritical.png
Type: image/png
Size: 146245 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20061013/ea4eb333/attachment-0001.png 


[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux