> Michal Rejda wrote:
> >> Michal Rejda wrote:
> >>
> >>>> -----Original Message-----
> >>>> From: fedora-directory-users-bounces at redhat.com
> >>>> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Rich Megginson
> >>>> Sent: Tuesday, April 14, 2009 4:25 PM
> >>>> To: General discussion list for the Fedora Directory server project.
> >>>> Subject: Re: LDAP proxy
> >>>>
> >>>> Michal Rejda wrote:
> >>>>
> >>>>> I tried to use http://tinyurl.com/culeft. But the database link
> >>>>> doesn't work. I setup the database link to the Active Directory (and
> >>>>> OpenLDAP). When I looked into Wireshark log, FDS send search request
> >>>>> with controls:
> >>>>>
> >>>>> 2.16.840.1.113730.3.4.2
> >>>>> 2.16.840.1.113730.3.4.12
> >>>>>
> >>>>> And the AD server responded: Unavailable Critical Extension.
> >>>>>
> >>>>> I tried to remove these two controls from Database Link Settings (in
> >>>>> administration console) but it didn't help. The server didn't return
> >>>>> the message above, but the administrative console showed an error dialog.
> >>>>
> >>>> What error?
> >>>
> >>> I tried it again and the error message is exactly:
> >>>
> >>> Error fading object 'dn: dc=example, dc=com'.
> >>> The error send by the server was:
> >>> ".
> >>>
> >>> In the Wireshark log was still the search request with control:
> >>> 2.16.840.1.113730.3.4.2
> >>>
> >>> Why is this control needed by the server when I removed it from
> >>> Database link settings?
> >>
> >> I'm not sure - maybe the console is not working correctly. Try this:
> >> 1) Shutdown the server
> >> 2) cd /etc/dirsrv/slapd-yourinstance
> >> 3) edit dse.ldif - look for the entry
> >>    dn: cn=config,cn=chaining database,cn=plugins,cn=config
> >> 4) edit the nsTransmittedControls attribute - remove
> >>    2.16.840.1.113730.3.4.2
> >> 5) save and restart the server
> >
> > I looked into dse.ldif for a nsTransmittedControls attribute. There
> > is only the 1.3.6.1.4.1.1466.29539.12, not the problematic
> > 2.16.840.1.113730.3.4.2.
> >
> > Isn't the 2.16.840.1.113730.3.4.2 hardcoded?
>
> If it is, I don't see it. There is no mention of managedsa or
> 2.16.840.1.113730.3.4.2 anywhere in the chaining backend code. The only
> place it is mentioned is in the default list of nsTransmittedControls in
> the template-dse.ldif used during new instance creation.
>
> > Why is this so necessary?
>
> It's not necessary, and I'm not sure where it is coming from. One place
> might be an internal operation, but I'm not sure what internal operation
> would be doing this. You might also try to remove
> nsActiveChainingComponents and nsPossibleChainingComponents to see if
> one of those components is doing an internal operation with managedsait
> set.

I removed nsActiveChainingComponents and nsPossibleChainingComponents and it didn't help.

> >>>>>> Michal Rejda wrote:
> >>>>>>
> >>>>>>> Hi all,
> >>>>>>>
> >>>>>>> I'm trying to setup proxy on FDS to another LDAP server (OpenLDAP
> >>>>>>> and Active Directory). I tried two ways, but none of these works:
> >>>>>>>
> >>>>>>> 1) New database link to LDAP server.
> >>>>>>>
> >>>>>>> - The remote LDAP server (OpenLDAP) returns: null. manageDSAit
> >>>>>>> control value not found
> >>>>>>
> >>>>>> You might have to tweak the controls used by chaining - see
> >>>>>> http://tinyurl.com/culeft
> >>>>>>
> >>>>>>> 2) Create multiple-master replication and setup other server as
> >>>>>>> consumer.
> >>>>>>>
> >>>>>>> - But this show error: 255 Replication error acquiring replica:
> >>>>>>> unknown error.
> >>>>>>
> >>>>>> Replication will only work to a SunDS, not to any other vendor.
> >>>>>>
> >>>>>>> My question is: Is there way how to setup proxy to access another
> >>>>>>> LDAP server from Fedora DS? I know that is possible to use AD sync,
> >>>>>>> but I cannot install anything on the AD server. The second reason why
> >>>>>>> I need to setup proxy is to use data stored in LDAP server (OpenLDAP,
> >>>>>>> Open Directory Server and Active Directory) in one place. I need to
> >>>>>>> update them too. It is not necessary to synchronize passwords.
> >>>>>>
> >>>>>> See also
> >>>>>> http://directory.fedoraproject.org/wiki/Howto:OpenldapIntegration
> >>>>>>
> >>>>>>> Thank you for reply.
> >>>>>>>
> >>>>>>> Regards,
> >>>>>>>
> >>>>>>> Michal
> >
> > --
> > Fedora-directory-users mailing list
> > Fedora-directory-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
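
An added example, not part of the thread and not Fedora DS code: a small Python check for the dse.ldif step quoted above. It lists the control OIDs that the `cn=config,cn=chaining database,cn=plugins,cn=config` entry is set to transmit and returns a copy of the LDIF without 2.16.840.1.113730.3.4.2. The sample LDIF, the "example link" entry and the helper names are constructed for illustration.

```python
import re

# DN and OID as quoted in the thread; the sample below is constructed, not a
# real dse.ldif. One value is folded the way LDIF wraps long lines.
CHAINING_CONFIG_DN = "cn=config,cn=chaining database,cn=plugins,cn=config"
MANAGE_DSA_IT = "2.16.840.1.113730.3.4.2"
SAMPLE_DSE = """\
dn: cn=config,cn=chaining database,cn=plugins,cn=config
cn: config
nsTransmittedControls: 2.16.840.1.113730.3.4.2
nsTransmittedControls: 2.16.840.1.113730.3.
 4.12
nsTransmittedControls: 1.3.6.1.4.1.1466.29539.12

dn: cn=example link,cn=chaining database,cn=plugins,cn=config
nsFarmServerURL: ldap://ad.example.com:389/
"""

def _norm_dn(dn):
    # Compare DNs case-insensitively and ignore spaces around commas.
    return ",".join(part.strip().lower() for part in dn.split(","))

TARGET = _norm_dn(CHAINING_CONFIG_DN)

def _entries(ldif_text):
    # Undo folding (newline + one space), then split entries on blank lines.
    unfolded = re.sub(r"\n ", "", ldif_text)
    for block in re.split(r"\n[ \t]*\n", unfolded.strip()):
        lines = block.splitlines()
        dn = next((l.partition(":")[2] for l in lines
                   if l.lower().startswith("dn:")), "")
        yield _norm_dn(dn), lines

def _control_oid(line):
    # OID if the line is an nsTransmittedControls value, else None.
    attr, _, value = line.partition(":")
    return value.strip() if attr.strip().lower() == "nstransmittedcontrols" else None

def transmitted_controls(ldif_text):
    """OIDs listed in nsTransmittedControls on the chaining config entry."""
    return [oid for dn, lines in _entries(ldif_text) if dn == TARGET
            for oid in map(_control_oid, lines) if oid]

def remove_control(ldif_text, oid):
    """Return unfolded LDIF with `oid` dropped from the chaining config entry only."""
    blocks = []
    for dn, lines in _entries(ldif_text):
        if dn == TARGET:
            lines = [l for l in lines if _control_oid(l) != oid]
        blocks.append("\n".join(lines))
    return "\n\n".join(blocks) + "\n"
```

Run it on a copy of dse.ldif taken while the server is stopped, as in step 1 of the quoted instructions; base64-encoded (`attr::`) values are not decoded.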