> Also what's the UNBIND shown in the logs?
>
> Thanks
>
>> From: fedora-directory-users-request@xxxxxxxxxx
>> Reply-To: fedora-directory-users@xxxxxxxxxx
>> To: fedora-directory-users@xxxxxxxxxx
>> Subject: Fedora-directory-users Digest, Vol 19, Issue 1
>> Date: Fri, 1 Dec 2006 12:00:06 -0500 (EST)
>>
>> Send Fedora-directory-users mailing list submissions to
>> fedora-directory-users@xxxxxxxxxx
>>
>> To subscribe or unsubscribe via the World Wide Web, visit
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>> or, via email, send a message with subject or body 'help' to
>> fedora-directory-users-request@xxxxxxxxxx
>>
>> You can reach the person managing the list at
>> fedora-directory-users-owner@xxxxxxxxxx
>>
>> When replying, please edit your Subject line so it is more specific
>> than "Re: Contents of Fedora-directory-users digest..."
>>
>>
>> Today's Topics:
>>
>> 1. pam_ldap with SSL/TLS (t b)
>> 2. RE: pam_ldap with SSL/TLS (Morris, Patrick)
>> 3. Re: pam_ldap with SSL/TLS (Richard Megginson)
>> 4. Problem with SSL console in X in specific circumstances
>> (Philip Kime)
>> 5. FW: Extracting details from
>> ActiveDirectoryto FDS (Paxton, Darren)
>> 6. alias in fedora directory server (patrick ndjientcheu ngandjui)
>> 7. Re: FW: Extracting details from
>> ActiveDirectoryto FDS (Nicholas Byrne)
>> 8. Re: Memory usage (koniczynek)
>> 9. Re: Memory usage (David Boreham)
>> 10. Re: Memory usage (koniczynek)
>>
>>
>> ----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Thu, 30 Nov 2006 12:31:50 -0500
>> From: "t b" <mxheadroom@xxxxxxxxxxx>
>> Subject: pam_ldap with SSL/TLS
>> To: fedora-directory-users@xxxxxxxxxx
>> Message-ID: <BAY116-F322745E96D702ED748B1D0CDDB0@xxxxxxx>
>> Content-Type: text/plain; format=flowed
>>
>> I am trying to setup pam_ldap to use TLS to communicate with the FDS,
>> but
>> having lots of problems doing so; it works if I use the unencrypted
>> way but
>> not if I use ldaps ( port 636 )
>>
>> I used the instructions at,
>> http://directory.fedora.redhat.com/wiki/Howto:PAM
>>
>> Has anyone gotten PAM to work TLS
>>
>>
>> Thanks
>>
>> _________________________________________________________________
>> Buy, Load, Play. The new Sympatico / MSN Music Store works seamlessly
>> with
>> Windows Media Player. Just Click PLAY.
>>
http://musicstore.sympatico.msn.ca/content/viewer.aspx?cid=SMS_Sept192006
>>
>>
>>
>>
>> ------------------------------
>>
>> Message: 2
>> Date: Thu, 30 Nov 2006 13:00:56 -0500
>> From: "Morris, Patrick" <patrick.morris@xxxxxx>
>> Subject: RE: pam_ldap with SSL/TLS
>> To: "General discussion list for the Fedora Directory server project."
>> <fedora-directory-users@xxxxxxxxxx>
>> Message-ID:
>>
<CD18C81835E18A40A64C4A0D16A237BE05FE850D@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
>>
>>
>> Content-Type: text/plain; charset="US-ASCII"
>>
>> > I am trying to setup pam_ldap to use TLS to communicate with
>> > the FDS, but having lots of problems doing so; it works if I
>> > use the unencrypted way but not if I use ldaps ( port 636 )
>>
>> Someone should jump in here and correct me if I'm wrong, but I believe
>> it's normal for TLS connections to happen on the standard LDAP port.
>> You should be able to tell from your logs whether the connection is
>> encrypted or not.
>>
>>
>>
>> ------------------------------
>>
>> Message: 3
>> Date: Thu, 30 Nov 2006 11:08:08 -0700
>> From: Richard Megginson <rmeggins@xxxxxxxxxx>
>> Subject: Re: pam_ldap with SSL/TLS
>> To: "General discussion list for the Fedora Directory server project."
>> <fedora-directory-users@xxxxxxxxxx>
>> Message-ID: <456F1E08.40601@xxxxxxxxxx>
>> Content-Type: text/plain; charset="iso-8859-1"
>>
>> Morris, Patrick wrote:
>> >> I am trying to setup pam_ldap to use TLS to communicate with
>> >> the FDS, but having lots of problems doing so; it works if I
>> >> use the unencrypted way but not if I use ldaps ( port 636 )
>> >>
>> >
>> > Someone should jump in here and correct me if I'm wrong, but I
believe
>> > it's normal for TLS connections to happen on the standard LDAP port.
>> > You should be able to tell from your logs whether the connection is
>> > encrypted or not.
>> >
>> Yes. The LDAP "preferred" way is to use the startTLS extended
operation
>> which starts a TLS session on the non-secure port. This will be logged
>> in the access log.
>> > --
>> > Fedora-directory-users mailing list
>> > Fedora-directory-users@xxxxxxxxxx
>> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
>> >
>> -------------- next part --------------
>> A non-text attachment was scrubbed...
>> Name: smime.p7s
>> Type: application/x-pkcs7-signature
>> Size: 3178 bytes
>> Desc: S/MIME Cryptographic Signature
>> Url :
>>
https://www.redhat.com/archives/fedora-directory-users/attachments/20061130/0634e78a/smime.bin
>>
>>
>> ------------------------------
>>
>> Message: 4
>> Date: Thu, 30 Nov 2006 18:02:55 -0800
>> From: "Philip Kime" <pkime@xxxxxxxxxxxxx>
>> Subject: Problem with SSL console in X in
>> specific circumstances
>> To: <fedora-directory-users@xxxxxxxxxx>
>> Message-ID:
>> <9C0091F428E697439E7A773FFD083427435BE3@xxxxxxxxxxxxxxxxxxxxxxxx>
>> Content-Type: text/plain; charset="us-ascii"
>>
>> Here's the problem:
>>
>> Running startconsole (SSL) to a remote display on a PC X-server
(xwin32)
>> works fine and requires that my windows home dir on the PC X-server
>> machine has .fedora-console/ containing cert8.db and key3.db, as you'd
>> expect. If I rename this dir, the console hangs at the splash screen.
So
>> far, so good, all makes sense.
>>
>> If I try the same thing to cygwin's X server on same machine or to an X
>> server on a Mac running OSX, startconsole always hangs as if it can't
>> find ~/.fedora-console on the local machine. I've tried copying this
dir
>> to what cygwin/OSX thinks is the user's home dir but no luck. Where
>> should I put the Cert db files under "real" UNIX X to get the SSL
>> console to work? Also tried ~/.mmc as per the docs but I could never
get
>> this to work.
>>
>> PK
>>
>> --
>> Philip Kime
>> NOPS Systems Architect
>> 310 401 0407
>>
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL:
>>
https://www.redhat.com/archives/fedora-directory-users/attachments/20061130/054ecbd6/attachment.html
>>
>>
>> ------------------------------
>>
>> Message: 5
>> Date: Fri, 1 Dec 2006 08:04:30 -0000
>> From: "Paxton, Darren" <Darren.Paxton@xxxxxxxxxx>
>> Subject: FW: Extracting details from
>> ActiveDirectoryto FDS
>> To: <Fedora-directory-users@xxxxxxxxxx>
>> Message-ID:
>> <52F7C07B119CF4439B7EFBFE0FB3256B027CBD02@xxxxxxxxxxxxxxxxxxxxxx>
>> Content-Type: text/plain; charset="us-ascii"
>>
>> Skipped content of type multipart/alternative-------------- next part
>> --------------
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users@xxxxxxxxxx
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>> ------------------------------
>>
>> Message: 6
>> Date: Fri, 1 Dec 2006 08:10:42 +0000 (GMT)
>> From: patrick ndjientcheu ngandjui <tchen_pat@xxxxxxxx>
>> Subject: alias in fedora directory server
>> To: Fedora-directory-users@xxxxxxxxxx
>> Message-ID: <20061201081042.78578.qmail@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
>> Content-Type: text/plain; charset="iso-8859-1"
>>
>> Hi,
>> I would like to know how to use alias in fedora directory server.It
>> seems that it is used for point to another entry in the directory,but
>> i don't know how to use this feature.May someone helps me on this
>> issue? I would really appreciate an example.
>>
>> Thanks
>>
>>
>>
>>
>>
>>
>>
>>
>>
___________________________________________________________________________
>>
>> Découvrez une nouvelle façon d'obtenir des réponses à toutes vos
>> questions !
>> Profitez des connaissances, des opinions et des expériences des
>> internautes sur Yahoo! Questions/Réponses
>> http://fr.answers.yahoo.com
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL:
>>
https://www.redhat.com/archives/fedora-directory-users/attachments/20061201/0fa54e4f/attachment.html
>>
>>
>> ------------------------------
>>
>> Message: 7
>> Date: Fri, 01 Dec 2006 11:50:13 +0000
>> From: Nicholas Byrne <nicholas.byrne@xxxxxxxxxxxx>
>> Subject: Re: FW: Extracting details from
>> ActiveDirectoryto FDS
>> To: "General discussion list for the Fedora Directory server project."
>> <fedora-directory-users@xxxxxxxxxx>
>> Message-ID: <457016F5.5030202@xxxxxxxxxxxx>
>> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>>
>> Your messages got through - you can confirm by checking the archives -
>> https://www.redhat.com/archives/fedora-directory-users/
>>
>> I'm a new user as well so i'm afraid i can't answer your question, but
>> if you keep asking i'm sure someone will know!
>> Nick
>>
>> Paxton, Darren wrote:
>> > Apologies for mailing yet again, however either my messages are not
>> > getting through (something I don't believe as I keep getting the post
>> > to the mailing list) - or for some reason, no one is willing to even
>> > acknowledge my issue.
>> >
>> > In the spirit of the community - can someone at least acknowledge a
>> > message as I find it quite disheartening that I have had no replies
at
>> > all even if just to point me somewhere for assistance.
>> >
>> >
>>
------------------------------------------------------------------------
>> > *From:* fedora-directory-users-bounces@xxxxxxxxxx
>> > [mailto:fedora-directory-users-bounces@xxxxxxxxxx] *On Behalf Of
>> > *Paxton, Darren
>> > *Sent:* 30 November 2006 08:46
>> > *To:* General discussion list for the Fedora Directory server
project.
>> > *Subject:* RE: Extracting details from
>> > ActiveDirectoryto FDS
>> >
>> > Hi
>> >
>> > Has anyone had any thoughts on my query or can point me in the right
>> > direction?
>> >
>> > As is the nature of AD, I would have thought it is possible to
extract
>> > this information using a scope setting or something similar.
>> >
>> > Thanks
>> >
>> > Darren
>> >
>> >
>>
------------------------------------------------------------------------
>> > *From:* fedora-directory-users-bounces@xxxxxxxxxx
>> > [mailto:fedora-directory-users-bounces@xxxxxxxxxx] *On Behalf Of
>> > *Paxton, Darren
>> > *Sent:* 24 November 2006 14:56
>> > *To:* fedora-directory-users@xxxxxxxxxx
>> > *Subject:* Extracting details from
Active
>> > Directoryto FDS
>> >
>> > Hi all,
>> >
>> > I've been tinkering with integrating our Linux devices into our
AD
>> > domain for some time and I've hit a few brick walls, however I've
>> > recently discovered FDS and the synchronisation features with AD.
>> >
>> > I've managed to set up a few replication jobs, however due to the
>> > extensive nature of our AD, I've realised that the sync only
takes
>> > the group and user objects from the OU or CN being specified.
>> >
>> > Is there any way I can specify that it should traverse all
>> > subtrees of an OU and extract all that information back into FDS?
>> >
>> > Thanks
>> >
>> > Darren
>> >
>> > --
>> > Darren Paxton
>> > EMEA Tier2
>> > Red Hat Certified Engineer
>> > VMware Certified Professional
>> > MGTI Centralised ops
>> >
>> >
>> > This e-mail and any attachments may be confidential or legally
>> > privileged.If you received this message in error or are not the
>> > intended recipient, you should destroy the email message and any
>> > attachments or copies, and you are prohibited from retaining,
>> > distributing, disclosing or using any information contained herein.
>> > Please inform us of the erroneous delivery by return e-mail. Thank
you
>> > for your co-operation.
>> >
>> > Mercer Human Resource Consulting Limited is authorised and regulated
>> > by the Financial Services Authority. Registered in England No.
984275.
>> > Registered Office: 1 Tower Place West, Tower Place, London, EC3R 5BU.
>> >
>> >
>>
------------------------------------------------------------------------
>> >
>> > --
>> > Fedora-directory-users mailing list
>> > Fedora-directory-users@xxxxxxxxxx
>> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
>> >
>> >
>>
------------------------------------------------------------------------
>> >
>> > --
>> > Fedora-directory-users mailing list
>> > Fedora-directory-users@xxxxxxxxxx
>> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
>> >
>>
>>
>>
>> This e-mail is the property of Quadriga Worldwide Ltd, intended for
>> the addressee only and confidential. Any dissemination, copying or
>> distribution of this message or any attachments is strictly prohibited.
>>
>> If you have received this message in error, please notify us
>> immediately by replying to the message and deleting it from your
>> computer.
>>
>> Messages sent to and from Quadriga may be monitored.
>>
>> Quadriga cannot guarantee any message delivery method is secure or
>> error-free. Information could be intercepted, corrupted, lost,
>> destroyed, arrive late or incomplete, or contain viruses.
>>
>> We do not accept responsibility for any errors or omissions in this
>> message and/or attachment that arise as a result of transmission.
>>
>> You should carry out your own virus checks before opening any
>> attachment.
>>
>> Any views or opinions presented are solely those of the author and do
>> not necessarily represent those of Quadriga.
>>
>>
>>
>> ------------------------------
>>
>> Message: 8
>> Date: Fri, 01 Dec 2006 16:45:28 +0100
>> From: koniczynek <koniczynek@xxxxxxxxxx>
>> Subject: Re: Memory usage
>> To: "General discussion list for the Fedora Directory server project."
>> <fedora-directory-users@xxxxxxxxxx>
>> Message-ID: <45704E18.3070705@xxxxxxxxxx>
>> Content-Type: text/plain; charset=ISO-8859-2; format=flowed
>>
>> Richard Megginson napisa³(a):
>> > This is an excellent cache/memory tuning document from a Sun
employee,
>> > primarily targeted to Sun DS users, but almost all of the
>> information is
>> > relevant to Fedora DS (since they share a common lineage).
>> >
>> > http://www.directorymanager.org/blogs/ds_cache_sizing.pdf
>> Lets say I heven't got much time lately so without thinking I've
changed
>> in dse.ldif
>> nsslapd-import-cache-autosize from -1 to 1 and after restarting I've
>> started to receive errors like: "3 Time limit exceeded" Someone do know
>> what to do? ;)
>>
>> --
>> xmpp/email: koniczynek@xxxxxxxxxx
>> xmpp/email: koniczynek@xxxxxxxxx
>>
>>
>>
>> ------------------------------
>>
>> Message: 9
>> Date: Fri, 01 Dec 2006 09:15:14 -0700
>> From: David Boreham <david_list@xxxxxxxxxxx>
>> Subject: Re: Memory usage
>> To: "General discussion list for the Fedora Directory server project."
>> <fedora-directory-users@xxxxxxxxxx>
>> Message-ID: <45705512.4070808@xxxxxxxxxxx>
>> Content-Type: text/plain; charset=ISO-8859-2; format=flowed
>>
>> koniczynek wrote:
>>
>> > Richard Megginson napisa³(a):
>> >
>> >> This is an excellent cache/memory tuning document from a Sun
>> >> employee, primarily targeted to Sun DS users, but almost all of the
>> >> information is relevant to Fedora DS (since they share a common
>> >> lineage).
>> >>
>> >> http://www.directorymanager.org/blogs/ds_cache_sizing.pdf
>> >
>> > Lets say I heven't got much time lately so without thinking I've
>> > changed in dse.ldif
>> > nsslapd-import-cache-autosize from -1 to 1 and after restarting I've
>> > started to receive errors like: "3 Time limit exceeded" Someone do
>> > know what to do? ;)
>> >
>> Change it back ?
>>
>>
>>
>>
>>
>> ------------------------------
>>
>> Message: 10
>> Date: Fri, 01 Dec 2006 17:53:22 +0100
>> From: koniczynek <koniczynek@xxxxxxxxxx>
>> Subject: Re: Memory usage
>> To: "General discussion list for the Fedora Directory server project."
>> <fedora-directory-users@xxxxxxxxxx>
>> Message-ID: <45705E02.7020709@xxxxxxxxxx>
>> Content-Type: text/plain; charset=ISO-8859-2
>>
>> David Boreham, dnia 2006-12-01 17:15 napisal:
>> >> Lets say I heven't got much time lately so without thinking I've
>> >> changed in dse.ldif
>> >> nsslapd-import-cache-autosize from -1 to 1 and after restarting I've
>> >> started to receive errors like: "3 Time limit exceeded" Someone do
>> >> know what to do? ;)
>> > Change it back ?
>> man, please, show some respect ;) I did change it back, but to no
avail.
>> Also I can say (to stop further questions): yes, I've stopped the
server
>> before change.
>>
>> --
>> email/xmpp: koniczynek@xxxxxxxxxx
>>
>>
>>
>> ------------------------------
>>
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users@xxxxxxxxxx
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>>
>> End of Fedora-directory-users Digest, Vol 19, Issue 1
>> *****************************************************
>
> _________________________________________________________________
> Off to school, going on a trip, or moving? Windows Live (MSN)
> Messenger lets you stay in touch with friends and family wherever you
> go. Click here to find out how to sign up!
> http://www.telusmobility.com/msnxbox/
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
Url :
https://www.redhat.com/archives/fedora-directory-users/attachments/20061201/7d15c5b4/smime.bin
------------------------------
Message: 2
Date: Fri, 01 Dec 2006 15:23:28 -0800
From: To Ngan <tngan@xxxxxxxxxx>
Subject: Re: AD + FDS sync stops working?
To: "General discussion list for the Fedora Directory server project."
<fedora-directory-users@xxxxxxxxxx>
Message-ID: <4570B970.3070901@xxxxxxxxxx>
Content-Type: text/plain; charset="windows-1252"
Dan Oglesby wrote:
> I tried the following:
>
> In windows registry->HKLM->Software->PasswordSync, try add string value
?Log
> Level? and set it to ?1?. Restart the passsync service. This should
log
> all transactions and errors. Turn this back to "0" and restart passsync
> after troubleshooting.
>
> All I see in the log is this:
>
> 11/30/06 09:12:58: begin log
> 11/30/06 09:12:59: 0 new entries loaded from file
> 11/30/06 09:14:20: 0 new entries loaded from file
> 11/30/06 09:14:20: 0 entries saved to file
> 11/30/06 09:14:20: end log
> 11/30/06 09:14:22: begin log
> 11/30/06 09:14:22: 0 new entries loaded from file
>
> That?s after restarting the passsync service twice, and changing a
user?s
> password in AD four times.
>
Hmm... 2 Windows sync stopped working together after 6 months. Any cert
on AD or DS side expired?
--
toto
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3233 bytes
Desc: S/MIME Cryptographic Signature
Url :
https://www.redhat.com/archives/fedora-directory-users/attachments/20061201/b9f1ea83/smime.bin
------------------------------
Message: 3
Date: Sat, 02 Dec 2006 09:28:17 +0100
From: koniczynek <koniczynek@xxxxxxxxxx>
Subject: Re: Memory usage
To: "General discussion list for the Fedora Directory server project."
<fedora-directory-users@xxxxxxxxxx>
Message-ID: <45713921.1080009@xxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-2
Richard Megginson, dnia 2006-12-01 18:00 napisal:
>> man, please, show some respect ;) I did change it back, but to no
avail.
>> Also I can say (to stop further questions): yes, I've stopped the
server
>> before change.
>>
> What types of searches are returning time limit exceeded? Can you post
> relevant excerpts from the access and error logs?
I'm "benchmarking" my FDS with "ldapsearch -x" and earlier it worked and
now it does not. In error logs there were "err=3" but I don't remember
much more and I'll have access to the logs on Monday, so till then, only
I can provide only this information (because I do not remember anything
more ;) )
--
email/xmpp: koniczynek@xxxxxxxxxx
------------------------------
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
End of Fedora-directory-users Digest, Vol 19, Issue 3
*****************************************************
