On 10/13/06, Richard Megginson <rmeggins at redhat.com> wrote: > > Sergio Diaz wrote: > > Hi all, > > > > I successfully connect the AD Back End DB to FDS like Brian Smith, i > > disable the nsProxiedAuthorization (comment by Richard Meggison) in > > Plugins->Chaining Database->AD (is the name of my Sub Suffix), but i > > cant Browse the Directory "Critical Extension unavailable". > I don't understand. You can't "Browse" the directory, but you can > search Users and Groups? Yes. Look the ScreenShots -> SearchAD.png and BrowseCritical.png In the Console i can Search Users from AD or FDS. In the Directory Sever in TAB Directory i cant Browse the Settings of my Domain (Critical Extension Unavailable) Map Attributes No. OK > > > > Its possible to Link the Database of the AD only for Read ? > You might be able to set the Chaining Database to be readonly in its > settings. In wich part i can do this ? Regards, Sergio > I like to write a Howto for this settings. > > > > Regards, > > Sergio > > > > > > > > > > > > > > On 10/2/06, *Richard Megginson* <rmeggins at redhat.com > > <mailto:rmeggins at redhat.com>> wrote: > > > > It may be that AD doesn't support proxied auth, in which case you > > should > > tell chaining to disable it. See > > > http://www.redhat.com/docs/manuals/dir-server/ag/7.1/entry_dist.html#21180 > > < > http://www.redhat.com/docs/manuals/dir-server/ag/7.1/entry_dist.html#21180 > > > > for more information - the pertinent attribute is > > nsProxiedAuthorization > > > > Brian Smith wrote: > > > All, > > > Here's what I've now done to enable the AD Back end DB for a sub > > tree: > > > 1. Click configuration and select the "dc=domain,dc=com" tree. > > > 2. Right click "dc=domain,dc=com" tree and select new sub suffix > > > 3. In New Suffix box, typed "ou=subsuffix1" and unchecked create > > > associated database automatically and click OK. > > > 4. Open "dc=domain,dc=com" and right click > > > "ou=subsuffix1,dc=domain,dc=com, and select "new database link. > > > 5. Here, I put Database link name "subsuffix1", put the bind > > dn and > > > password of a domain user account in my AD, and put the domain > > > controller ip in the remote server box and clicked save. (I can > > > connect to my AD with the DN I provided here) > > > 6. Check enable this suffix under > > ou=subsuffix1,dc=worldpub,dc=corp > > > > > > now subsuffix1 database appears under > > ou=subsuffix1,dc=domain,dc=com. > > > If I now go to the directory tab, and select the directory entry, > i > > > get critical extension unavailable and if i use an ldap browser > > i get > > > list failed on the main tree. Did i miss a step? If I disable > the > > > ou=subsuffix1,dc=domain,dc=com suffix i can browse the tree no > > > problem. Thanks! > > > Brian Smith > > > > > > > > > > > > Sergio Diaz wrote: > > >> > > >> FDS, OpenLDAP and AD > > >> > > >> One Directory FDS.....i want this directions to... > > >> Chaining Backend... > > >> > > >> Regards, > > >> Sergio > > >> > > >> On Mon, 2006-10-02 at 14:12 -0400, Brian Smith wrote: > > >>> Hello all, I've been working on getting chaining working with > > an active > > >>> directory back end for a week now. Has anyone successfully > > done this or > > >>> have directions on setting this up? > > >>> > > >>> Brian Smith > > >>> > > >>> Howard Chu wrote: > > >>> > > > >>> >> Date: Mon, 02 Oct 2006 10:01:55 -0600 > > >>> >> From: Richard Megginson <rmeggins at redhat.com > > <mailto:rmeggins at redhat.com> <mailto:rmeggins at redhat.com > > <mailto:rmeggins at redhat.com>>> > > >>> > > > >>> >> Sergio Diaz wrote: > > >>> >>> Hi Richard; > > >>> >>> > > >>> >>> Openldap: > > >>> >>> > > >>> >>> The *meta* backend to *slapd(8) > > >>> >>> < > > > http://docsrv.caldera.com:8457/cgi-bin/man?mansearchword=slapd&mansection=8 > > < > http://docsrv.caldera.com:8457/cgi-bin/man?mansearchword=slapd&mansection=8 > > > > < > > > http://docsrv.caldera.com:8457/cgi-bin/man?mansearchword=slapd&mansection=8 > > < > http://docsrv.caldera.com:8457/cgi-bin/man?mansearchword=slapd&mansection=8 > >>>* > > >>> >>> performs basic LDAP proxying with respect > > >>> >>> to a set of remote LDAP > > servers, called "targets". The > > >>> >>> information > > >>> >>> contained in these servers can be presented as > > belonging > > >>> >>> to a single > > >>> >>> Directory Information Tree (DIT). > > >>> >>> > > >>> >>> Its possible with FDS ?? > > >>> >>> > > >>> >> FDS has a chaining backend which allows you to use another > LDAP > > >>> >> server to store the data. > > >>> > > > >>> > It sounds like the FDS chaining backend is similar to OpenLDAP > > >>> > back-ldap and/or the chaining overlay. In OpenLDAP back-ldap > > forwards > > >>> > a request to one other server (at a time; multiple servers > > can be > > >>> > configured but the others will only be used if the first > > server cannot > > >>> > be contacted). The back-meta backend is a superset of > > back-ldap, it > > >>> > can fanout single requests to multiple servers in parallel and > > >>> > aggregate the results. (There's also attribute mapping and DN > > >>> > rewriting, but those capabilities are no longer unique to > > back-meta, > > >>> > having been moved into the rewrite overlay.) With these > > modules you > > >>> > can stitch together a variety of heterogeneous directories > > into a > > >>> > coherent virtual directory. > > >>> > > > >>> >>> Regards!! > > >>> >>> Sergio > > >>> >>> > > >>> >>> > > >>> >>> On Mon, 2006-10-02 at 07:25 -0600, Richard Megginson wrote: > > >>> >>>> Sergio Diaz wrote: > > >>> >>>>> Hi People, > > >>> >>>>> > > >>> >>>>> Its Possible Sync only in One Way ? > > >>> >>>>> Users Windows AD -> FDS. > > >>> >>>> No, not really. > > >>> >>>>> Or the other scenario its like OpenLDAP have a Meta > > Backend (2 > > >>> >>>>> LDAPs, 1 AD), its possible with FDS ? > > >>> >>>> It's possible. What does the meta backend do? > > >>> >>>>> > > >>> >>>>> Regards, > > >>> >>>>> Sergio > > >>> > > > >>> > > > >>> > > >>> -- > > >>> Fedora-directory-users mailing list > > >>> Fedora-directory-users at redhat.com > > <mailto:Fedora-directory-users at redhat.com> > > <mailto:Fedora-directory-users at redhat.com > > <mailto:Fedora-directory-users at redhat.com>> > > >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users > > >>> > > > > > > ------------------------------------------------------------------------ > > > > > > > > -- > > > Fedora-directory-users mailing list > > > Fedora-directory-users at redhat.com > > <mailto:Fedora-directory-users at redhat.com> > > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > > > -- > > Fedora-directory-users mailing list > > Fedora-directory-users at redhat.com > > <mailto:Fedora-directory-users at redhat.com> > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > > > > ------------------------------------------------------------------------ > > > > -- > > Fedora-directory-users mailing list > > Fedora-directory-users at redhat.com > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20061013/ea4eb333/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: SearchAD.png Type: image/png Size: 90003 bytes Desc: not available Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20061013/ea4eb333/attachment.png -------------- next part -------------- A non-text attachment was scrubbed... Name: BrowseCritical.png Type: image/png Size: 146245 bytes Desc: not available Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20061013/ea4eb333/attachment-0001.png
