Re: FDS and AD

Sergio Diaz wrote:
> Hi all,
>
> I successfully connected the AD back-end DB to FDS like Brian Smith. I disabled nsProxiedAuthorization (comment by Richard Megginson) in Plugins->Chaining Database->AD (the name of my sub suffix), but I can't browse the directory: "Critical Extension unavailable".

I don't understand. You can't "Browse" the directory, but you can search Users and Groups?

> - In the Console I can search Users, Groups of my AD and FDS   =) Happy!!
>
> Two questions:
> Is it possible to map the attributes like:
>
> map attribute  uid sAMAccountname
> map attribute  cn  name
> map attribute  mail userprincipalname
> map attribute  account user

No.

> Is it possible to link the database of the AD only for read?

You might be able to set the Chaining Database to be readonly in its settings.

> I'd like to write a Howto for these settings.
>
> Regards,
> Sergio




On 10/2/06, Richard Megginson <rmeggins@xxxxxxxxxx> wrote:

    It may be that AD doesn't support proxied auth, in which case you should
    tell chaining to disable it.  See
    http://www.redhat.com/docs/manuals/dir-server/ag/7.1/entry_dist.html#21180
    for more information - the pertinent attribute is nsProxiedAuthorization

    Brian Smith wrote:
    > All,
    > Here's what I've now done to enable the AD back end DB for a sub tree:
    > 1.   Click configuration and select the "dc=domain,dc=com" tree.
    > 2.   Right click "dc=domain,dc=com" tree and select new sub suffix
    > 3.   In New Suffix box, typed "ou=subsuffix1" and unchecked create
    > associated database automatically and click OK.
    > 4.   Open "dc=domain,dc=com" and right click
    > "ou=subsuffix1,dc=domain,dc=com", and select "new database link".
    > 5.   Here, I put Database link name "subsuffix1", put the bind dn and
    > password of a domain user account in my AD, and put the domain
    > controller ip in the remote server box and clicked save. (I can
    > connect to my AD with the DN I provided here)
    > 6.   Check enable this suffix under ou=subsuffix1,dc=worldpub,dc=corp
    >
    > now subsuffix1 database appears under ou=subsuffix1,dc=domain,dc=com.
    > If I now go to the directory tab, and select the directory entry, I
    > get critical extension unavailable and if I use an ldap browser I get
    > list failed on the main tree.  Did I miss a step?  If I disable the
    > ou=subsuffix1,dc=domain,dc=com suffix I can browse the tree no
    > problem.  Thanks!
    > Brian Smith
    >
    >
    >
    > Sergio Diaz wrote:
    >>
    >> FDS, OpenLDAP and AD
    >>
    >> One Directory FDS.....I want these directions too...
    >> Chaining Backend...
    >>
    >> Regards,
    >> Sergio
    >>
    >> On Mon, 2006-10-02 at 14:12 -0400, Brian Smith wrote:
    >>> Hello all, I've been working on getting chaining working with an active
    >>> directory back end for a week now.  Has anyone successfully done this or
    >>> have directions on setting this up?
    >>>
    >>>  Brian Smith
    >>>
    >>> Howard Chu wrote:
    >>> >
    >>> >> Date: Mon, 02 Oct 2006 10:01:55 -0600
    >>> >> From: Richard Megginson <rmeggins@xxxxxxxxxx>
    >>> >
    >>> >> Sergio Diaz wrote:
    >>> >>> Hi Richard;
    >>> >>>
    >>> >>> Openldap:
    >>> >>>
    >>> >>>   The *meta* backend to *slapd(8)*
    >>> >>>   <http://docsrv.caldera.com:8457/cgi-bin/man?mansearchword=slapd&mansection=8>
    >>> >>>   performs basic LDAP proxying with respect to a set of remote LDAP
    >>> >>>   servers, called "targets". The information contained in these
    >>> >>>   servers can be presented as belonging to a single Directory
    >>> >>>   Information Tree (DIT).
    >>> >>>
    >>> >>> Is it possible with FDS??
    >>> >>>
    >>> >> FDS has a chaining backend which allows you to use another LDAP
    >>> >> server to store the data.
    >>> >
    >>> > It sounds like the FDS chaining backend is similar to OpenLDAP
    >>> > back-ldap and/or the chaining overlay. In OpenLDAP back-ldap forwards
    >>> > a request to one other server (at a time; multiple servers can be
    >>> > configured but the others will only be used if the first server cannot
    >>> > be contacted). The back-meta backend is a superset of back-ldap, it
    >>> > can fanout single requests to multiple servers in parallel and
    >>> > aggregate the results. (There's also attribute mapping and DN
    >>> > rewriting, but those capabilities are no longer unique to back-meta,
    >>> > having been moved into the rewrite overlay.) With these modules you
    >>> > can stitch together a variety of heterogeneous directories into a
    >>> > coherent virtual directory.
    >>> >
    >>> >>> Regards!!
    >>> >>> Sergio
    >>> >>>
    >>> >>>
    >>> >>> On Mon, 2006-10-02 at 07:25 -0600, Richard Megginson wrote:
    >>> >>>> Sergio Diaz wrote:
    >>> >>>>> Hi People,
    >>> >>>>>
    >>> >>>>> Is it possible to sync only in one way?
    >>> >>>>> Users Windows AD -> FDS.
    >>> >>>> No, not really.
    >>> >>>>> Or the other scenario, like OpenLDAP having a Meta Backend (2
    >>> >>>>> LDAPs, 1 AD), is it possible with FDS?
    >>> >>>> It's possible. What does the meta backend do?
    >>> >>>>>
    >>> >>>>> Regards,
    >>> >>>>> Sergio
    >>> >
    >>> >
    >>>
    >>> --
    >>> Fedora-directory-users mailing list
    >>> Fedora-directory-users@xxxxxxxxxx
    >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
    >>>

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
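
The console steps Brian Smith lists, together with the nsProxiedAuthorization change Richard Megginson suggests, written out as the equivalent cn=config entries. This is an added example, not taken from any poster's message; the server address, bind DN and password are constructed placeholders.

```ldif
# Added example with constructed values, not the posters' real configuration.

# Database link (console steps 4-5): chains the sub suffix to the AD
# domain controller using a fixed bind identity.
dn: cn=subsuffix1,cn=chaining database,cn=plugins,cn=config
objectClass: top
objectClass: extensibleObject
objectClass: nsBackendInstance
cn: subsuffix1
nsslapd-suffix: ou=subsuffix1,dc=domain,dc=com
# Placeholder address (documentation range) for the domain controller.
nsFarmServerURL: ldap://192.0.2.10:389/
# Placeholder AD account the link binds as; hypothetical name.
nsMultiplexorBindDN: cn=chain-reader,cn=Users,dc=domain,dc=com
nsMultiplexorCredentials: REPLACE-WITH-PASSWORD
# AD is assumed not to support the proxied authorization control,
# so the link is told not to send it.
nsProxiedAuthorization: off

# Mapping tree entry (console steps 2-3 and 6): attaches the sub suffix
# under dc=domain,dc=com and routes it to the database link above.
dn: cn="ou=subsuffix1,dc=domain,dc=com",cn=mapping tree,cn=config
objectClass: top
objectClass: extensibleObject
objectClass: nsMappingTree
cn: "ou=subsuffix1,dc=domain,dc=com"
nsslapd-state: backend
nsslapd-backend: subsuffix1
nsslapd-parent-suffix: "dc=domain,dc=com"
```

With nsProxiedAuthorization off, the remote server evaluates every chained operation as the link's bind DN rather than as the end user, so that account should hold only the read rights the chained subtree needs.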
