Replicating o=NetscapeRoot for admin server failover

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



John Dickinson wrote:
> Hi,
>
> Using Fedora DS 1.1.2 (compiled from source) on CentOS 5.1.
>
> I am trying to replicate o=NetscapeRoot for admin server failover and 
> having a few problems.
>
> (I have read 
> http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Replication-Replicating-ADS-for-Failover.html) 
>
>
> The detailed notes I have written on the steps for doing this can be 
> found here 
> http://jadickinson.co.uk/test/howto/replicating-netscaperoot-on-fedora-ds/ 
>
>
> In short I
> 1. have server 1 already running
> 2. Add replication info to server 1
> 3. Install server 2
> 4. on server 2 run setup-ds.pl -f /tmp/config.inf
> 5. On server 1 initialize the consumer
>     So now server 2 has the replicated o=netscaperoot
> 6. on server 2 run register-ds-admin.pl
>
> When I do this I can connect with the console to server 1 and see both 
> servers listed. I can browse the ds and admin console for server 1 OK. 
> However, if I double click to open the directory console for server 2 
> and click on the configuration tab I get a message saying that 
> uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot 
> doesn't have permission to perform this operation. If I connect as 
> cn=Directory Manager it works fine.
>
> The difference seems to be that server 2 lacks the following  entries 
> in the slapd-server2/dse.ldif
>
> aci: (targetattr="*")(version 3.0; acl "Configuration Administrators 
> Group"; a
>  llow (all) groupdn="ldap:///cn=Configuration Administrators, 
> ou=Groups, ou=T
>  opologyManagement, o=NetscapeRoot";)
> aci: (targetattr="*")(version 3.0; acl "Configuration Administrator"; 
> allow (a
>  ll) userdn="ldap:///uid=admin, ou=Administrators, 
> ou=TopologyManagement, o=N
>  etscapeRoot";)
> aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all) 
> groupdn = "l
>  dap:///cn=slapd-server1, cn=Fedora Directory Server, cn=Server Group, 
> cn=server1.example.com, ou=example.com, o=NetscapeRoot";)
>
> Adding them to dse.ldif on server 2 seems to fix things but I don't 
> understand why they don't exist on server 2 and am concerned that this 
> is a sign of something that I have failed to do correctly.
It's probably a bug in the failover setup procedures.
>
> Also what is the correct way to specify password in 
> nsDS5ReplicaCredentials and userPassword when a) using ldapmodify
Provide the plain text
> or b) editing dse.ldif?
Don't do that.
> The documentation seems to say that you should use the hash of the 
> password but that seems to give odd results.
Where does the documentation say that?
> Plain text passwords seem to work...
Yes - please use plain text passwords.  That's the only way password 
policy can be enforced, among other reasons.
>
> Thanks
> John
>
> -- 
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3258 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20081001/4f21bf4b/attachment.bin 


[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux