The way I have set it up, using domain.org, that host is accessible - when domain.org is contacted, it forwards it to the server. So just like I am able to ssh into the server itself by contacting domain.org and getting the port forwarded to itself, it does have access to itself via the domain. So I am not using ldap.domain.org, just domain.org.

> You should use dc=domain,dc=org for your user and group entries.

Thanks Rich, I will add that (if it lets me).

nick

On Fri, Feb 29, 2008 at 10:30 AM, Rich Megginson <rmeggins at redhat.com> wrote:

> Nick P wrote:
> > I am trying to install and configure my first FDS, and first LDAP
> > server. I have spent many hours with little fruit so far. Currently,
> > I am receiving an error at the end of the setup-ds-admin script:
> > [08/02/29:02:37:41] - [Setup] Fatal Could not register the directory
> > server with the configuration directory server.
> >
> > The error is similar to what is described in this bug:
> > https://bugzilla.redhat.com/show_bug.cgi?id=431103. However, my
> > configuration directory is _not_ on another host. I answered 'no' to
> > the question of whether I would be registering with a current
> > configuration server. I don't know if the solution presented there
> > would work - I am forwarding a port to the server, and do not have a
> > hostname.domain.org to use there. I have had trouble adding entries,
> > so if I added them and it didn't fix the problem, I would not know if
> > the solution failed or if I failed to add the entries properly. The
> > server is NAT'ed and receiving a forwarded port, so I have been using
> > mydomain.org for the servername and identifying the port that gets
> > forwarded.
> >
> > If you can help me make some sense of this, I would very much
> > appreciate it. If the workaround in the bug above is the answer,
> > could you address my specific situation of not having a FQDN with a
> > host and everything - how will this affect the entries?
> > After failing to add entries with success many times I have started
> > to use a Windows client, Ldapadmin - could I use this, if the
> > workaround is the solution? Should the entries go in o=netscaperoot
> > or dc=domain,dc=org?
> >
> You should use dc=domain,dc=org for your user and group entries.
> > I am also including a portion of the log file that was created during
> > the installation. Is there anything here that shows what the root of
> > the problem is?
> >
> I think the problem is that the setup script assumes that if you want
> the server to use hostname ldap.domain.org then the hostname
> ldap.domain.org must be available to resolve to the setup program. I
> suppose an enhancement to setup would be to allow you to specify the
> hostname you want the client requests to use, and the hostname you want
> the setup program to use internally to connect to and set up the server.
> > Thanks,
> >
> > Nick
> >
> > --------------------
> >
> > +Entry cn=topologyplugin, ou=1.1, ou=Admin, ou=Global Preferences,
> > ou=admin, o=NetscapeRoot is added
> > +++check_and_add_entry: Entry not found cn=defaultplugin,
> > cn=topologyplugin, ou=1.1, ou=Admin, ou=Global Preferences, ou=admin,
> > o=NetscapeRoot error No such object
> > +Entry cn=defaultplugin, cn=topologyplugin, ou=1.1, ou=Admin,
> > ou=Global Preferences, ou=admin, o=NetscapeRoot is added
> > +++check_and_add_entry: Entry not found cn=UI,ou=1.1, ou=Admin,
> > ou=Global Preferences, ou=admin, o=NetscapeRoot error No such object
> > +Entry cn=UI,ou=1.1, ou=Admin, ou=Global Preferences, ou=admin,
> > o=NetscapeRoot is added
> > +Processing /usr/share/dirsrv/data/12dsconfig.mod.tmpl ...
> > +++check_and_add_entry: Found entry cn=config
> > +++Adding attr=aci value=(targetattr="*")(version 3.0; acl
> > "Configuration Administrators Group"; allow (all)
> > groupdn="ldap:///cn=Configuration Administrators, ou=Groups,
> > ou=TopologyManagement, o=NetscapeRoot";) to entry cn=config
> > +++Adding attr=aci value=(targetattr="*")(version 3.0; acl
> > "Configuration Administrator"; allow (all) userdn="ldap:///uid=admin,
> > ou=Administrators, ou=TopologyManagement, o=NetscapeRoot";) to entry
> > cn=config
> > +++Adding attr=aci value=(targetattr = "*")(version 3.0; acl "SIE
> > Group"; allow (all) groupdn = "ldap:///cn=slapd-server, cn=Fedora
> > Directory Server, cn=Server Group, cn=server, ou=admin,
> > o=NetscapeRoot";) to entry cn=config
> > +++check_and_add_entry: Found entry cn=SNMP,cn=config
> > +++Adding attr=aci
> > value=(target="ldap:///cn=SNMP,cn=config")(targetattr !="aci")(version
> > 3.0;acl "snmp";allow (read, search, compare)(userdn =
> > "ldap:///anyone");) to entry cn=SNMP,cn=config
> > +++check_and_add_entry: Found entry
> > oid=2.16.840.1.113730.3.4.9,cn=features,cn=config
> > +++Adding attr=aci value=(targetattr != "aci")(version 3.0; acl "VLV
> > Request Control"; allow( read, search, compare, proxy ) userdn =
> > "ldap:///all";) to entry
> > oid=2.16.840.1.113730.3.4.9,cn=features,cn=config
> > +Processing /usr/share/dirsrv/data/13dsschema.mod.tmpl ...
> > +++check_and_add_entry: Found entry cn=schema
> > +++Adding attr=aci value=(target="ldap:///cn=schema")(targetattr
> > !="aci")(version 3.0;acl "anonymous, no acis"; allow (read, search,
> > compare) userdn = "ldap:///anyone";) to entry cn=schema
> > +++Adding attr=aci value=(targetattr="*")(version 3.0; acl
> > "Configuration Administrators Group"; allow (all)
> > groupdn="ldap:///cn=Configuration Administrators, ou=Groups,
> > ou=TopologyManagement, o=NetscapeRoot";) to entry cn=schema
> > +++Adding attr=aci value=(targetattr="*")(version 3.0; acl
> > "Configuration Administrator"; allow (all)
> > userdn="ldap:///uid=admin,ou=Administrators, ou=TopologyManagement,
> > o=NetscapeRoot";) to entry cn=schema
> > +++Adding attr=aci value=(targetattr = "*")(version 3.0; acl "SIE
> > Group"; allow (all) groupdn = "ldap:///cn=slapd-server, cn=Fedora
> > Directory Server, cn=Server Group, cn=server, ou=admin,
> > o=NetscapeRoot";) to entry cn=schema
> > +Processing /usr/share/dirsrv/data/14dsmonitor.mod.tmpl ...
> > +++check_and_add_entry: Found entry cn=monitor
> > +++Adding attr=aci value=(target ="ldap:///cn=monitor*")(targetattr !=
> > "aci || connection")(version 3.0; acl "monitor"; allow( read, search,
> > compare ) userdn = "ldap:///anyone";) to entry cn=monitor
> > +Processing /usr/share/dirsrv/data/16dssuffixadmin.mod.tmpl ...
> > +++check_and_add_entry: Entry not found dc=hpconnect,dc=org error No
> > such object
> > Could not authenticate as user 'uid=admin, ou=Administrators,
> > ou=TopologyManagement, o=NetscapeRoot' to server
> > 'ldap://server:46645/o=NetscapeRoot'. Error: Invalid credentials
> > Could not register the directory server with the configuration directory
> > server.
> >
> > -----------------------------------------------
> >
> > --
> > Fedora-directory-users mailing list
> > Fedora-directory-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
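
Added example, not part of the thread and not code from Fedora Directory Server: a preflight check for the assumption Rich describes, that the hostname given to setup must be usable from the server itself. The function names are hypothetical and the check does not reproduce what setup-ds-admin does internally; it only reports whether the name resolves on this host and whether any resolved address belongs to a local interface.

```python
import socket

def resolve(hostname, port):
    """Return the sorted set of addresses the local resolver gives for hostname."""
    infos = socket.getaddrinfo(hostname, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def is_local_address(addr):
    """True if addr is assigned to an interface on this host (bind succeeds)."""
    family = socket.AF_INET6 if ":" in addr else socket.AF_INET
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.bind((addr, 0))  # port 0: any free port, only the address is tested
        return True
    except OSError:
        return False

def check_setup_hostname(hostname, port, resolver=resolve,
                         local_test=is_local_address):
    """Classify how a connection from this host to hostname:port would travel."""
    try:
        addrs = resolver(hostname, port)
    except socket.gaierror as exc:
        # The name cannot be resolved from the server at all.
        return {"status": "unresolvable", "addresses": [], "detail": str(exc)}
    local = [a for a in addrs if local_test(a)]
    if local:
        return {"status": "local", "addresses": local,
                "detail": "name resolves to an address on this host"}
    # Typical for a NAT'ed server addressed by its public name: the name
    # resolves, but to the router's address rather than the server's own.
    return {"status": "via-nat", "addresses": addrs,
            "detail": "no resolved address is on this host; connections leave "
                      "the machine and depend on the router forwarding them back"}

if __name__ == "__main__":
    import sys
    # Defaults are assumptions for a quick local run; pass host and port to override.
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 389
    print(check_setup_hostname(host, port))
```

A "via-nat" result means the server reaches itself only through the port forward, so that path has to work from the inside as well as from outside clients.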