---------------------- > > Message: 8 > Date: Tue, 15 Dec 2009 09:45:11 -0700 > From: Rich Megginson <rmeggins at redhat.com> > Subject: Re: [389-users] I need some help! > To: "General discussion list for the 389 Directory server project." > <fedora-directory-users at redhat.com> > Message-ID: <4B27BD17.5080504 at redhat.com> > Content-Type: text/plain; charset=windows-1251; format=flowed > > Dimon wrote: > > Hi everyone! I'm a beginer in Fedora Directory (389 project) server so I hope that you will give me an advice to solve my problem. > > > > I want to synchronize my diectory server with Active Directory's users (centos-ds-8.1.0). I read the manual Red Hat 8.1 and had success. But my AD users have Posix atributes (home directory, gidnumber, uidnumber, Nis Domain) and they did not synchronize. > Right. Windows Sync does not work with posix attributes. > > I've read about DNA plugin in DS. It't written that I have to check pugin int my cn=plugins,cn=config and initialize it. I did so. I didn't have success. The probles is: my centos-ds doesn't match with the example described in the Rd Hat manual. > > > How so? What example? Can you provide a link? I found some Installing guide about directory-server in pdf - format... And found there examples how to configure DNA using dnagidnumber,dnauidnumber, dnaNextvalue parameters. As I said ldap shema doesn't have any of them. If it necessary i will send you the Installing guide! > > It's written that I must have parameters such dnagidnumber,dnauidnumber, dnaNextvalue and others (it is showed on the pictures). I don't have any parameters connected with dna...My Ldap schema doesn't have any dna* nevertheless plugin DNA (libdna.so) present even in my ds-tree. > These attributes and objectclasses are defined internally and not exported. > > When I filled check box in order co configure DNA nothing happend! YES this parameters are internal - I wanted to see them in Directory -> config->plugins->DNS ->Properties->advanced. I saw classes, any other parameters but I didn't se dna* in the way how it is showed in manual! I didn't see. I tryed to add them from ldap schema - but it doesn't content any off them! I tryed to Reconfigure it from file - witch content somthing like dn: cn= Distributed Advanced Plugin,cn=plugin,cn=config Objectclass ... dnauidnumber, dnaguidnumber, dnaNextvalue and others... But when I tryed to add it via command line - I had an error - invalid dna (or nknown parameters - I'am not sure now!). I followed the manual. Configure DNA via command line! > What check box? On or off Configuration->DNA plugin cn=plugins,cn=config > > Duaring synchronization I still have no Posix account activated and parameters which I need > Do you think DNA is going to fill in home directory and NIS domain? Acctually I thought that I will have an oportunity to fill guid and uid automatically using DNA or replicate it from my AD with it. Cause AD accounts content them all. > > I use centos-idm-console-1.0.1 in order to manage the server. When I try to turn off DNA plugin - server says that "Server in unwilling to perform the operation. Cause the DNA plugin doesn't configure properly" - or somthing like that. > check the directory server access and errors logs for more information. > > I found manual about configure centos-ds with pictures - and as I said (it's written that I have to turn on DNA plugin - just fill check box). > > > Enabling and disabling plugin requires a server restart. It doesn't work! Because when I'am trying to turn off DNA plugin and push save button - I have the error. Otherwise my settings don't save! Of cource I tryed to reboot my server! And plugin is still on. So I found it in my .lde config and turned it off manually. I have no additional information about it in my log-files! > > I have no idea how to solve it. May be you will have some time to give me a clue about it. I need it very much. And I have the other problem with it. I want to change the password using ldappasswd. It's required using LDAPS port 636. When I'm trying to use ldpapasswd - or ldapsearch on 636 port, session waiting for something and it seams nothing happens, session just waits. I tryed to debug it using ldapsearch with -d. I didn't see any mistakes. I have feeling that it is connected with ldap.conf (client) but I don't know how to solve it yet. Using ldapsearch on 389 port - everything is fine. > > > Can you paste the output of ldappasswd -d 1 to fpaste.org and paste the > link here? I solved this problem I tryed to use ldappasswd -x -h localhost -p 636 -D "" -W -b "" and I didn't work. ldappasswd needs secure connection - so I read some articles and use -Z and -p 389 instead of 636 and everything works fine. Now I can change passwords in my DS using only one command line. > > Thank you in advance! -- ??????? ----------------------------------------------------------- http://FREEhost.UA - ??? ??????? ???????? ????? ? ???????! ?????? ???? ???????????? ?????? http://freehost.com.ua/cuponakciya.php
