> Michal Rejda wrote: > > > >> -----Original Message----- > >> From: fedora-directory-users-bounces@xxxxxxxxxx [mailto:fedora- > >> directory-users-bounces@xxxxxxxxxx] On Behalf Of Rich Megginson > >> Sent: Tuesday, April 14, 2009 4:25 PM > >> To: General discussion list for the Fedora Directory server project. > >> Subject: Re: LDAP proxy > >> > >> Michal Rejda wrote: > >> > >>> I tried to use http://tinyurl.com/culeft. But the database link > >>> > >> doesn't work. I setup the database link to the Active Directory (and > >> OpenLDAP). When I looked into Wireshark log, FDS send search request > >> with controls: > >> > >>> 2.16.840.1.113730.3.4.2 > >>> 2.16.840.1.113730.3.4.12 > >>> And the AD server responded: Unavailable Critical Extension. > >>> > >>> I tried to remove this two controls from Database Link Settings (in > >>> > >> administration console) but it didn't help. The server didn't return > >> the message above, but the administrative console show error dialog. > >> > >> What error? > >> > > I tried it again and the error message is exactly: > > > > Error fading object 'dn: dc=example, dc=com'. > > The error send by the server was: > > ". > > > > In the Whireshark log was still the search request witch control: > > 2.16.840.1.113730.3.4.2 > > > > Why is this control needed by the server when I removed it from > Database link settings? > > > I'm not sure - maybe the console is not working correctly. Try this: > 1) Shutdown the server > 2) cd /etc/dirsrv/slapd-yourinstance > 3) edit dse.ldif - look for the entry > dn: cn=config,cn=chaining database,cn=plugins,cn=config > 4) edit the nsTransmittedControls attribute - remove > 2.16.840.1.113730.3.4.2 > 5) save and restart the server I looked into dse.ldif for a nsTransmittedControls attribute. There is only the 1.3.6.1.4.1.1466.29539.12. , not the problematic 2.16.840.1.113730.3.4.2. Isn't the 2.16.840.1.113730.3.4.2 hardcoded? Why is this so necessary? > > > >>>> Michal Rejda wrote: > >>>> > >>>> > >>>>> Hi all, > >>>>> > >>>>> I?m trying to setup proxy on FDS to another LDAP server (OpenLDAP > >>>>> and Active Directory). I tried two ways, but none of these works: > >>>>> > >>>>> 1) New database link to LDAP server. > >>>>> > >>>>> - The remote LDAP server (OpenLDAP) returns: null. manageDSAit > >>>>> > >>>>> > >>>> control > >>>> > >>>> > >>>>> value not found > >>>>> > >>>>> > >>>>> > >>>> You might have to tweak the controls used by chaining - see > >>>> http://tinyurl.com/culeft > >>>> > >>>> > >>>>> 2) Create multiple-master replication and setup other server as > >>>>> > >>>>> > >>>> consumer. > >>>> > >>>> > >>>>> - But this show error: 255 Replication error acquiring replica: > >>>>> unknown error. > >>>>> > >>>>> > >>>>> > >>>> Replication will only work to a SunDS, not to any other vendor. > >>>> > >>>> > >>>>> My question is: Is there way how to setup proxy to access another > >>>>> > >>>>> > >>>> LDAP > >>>> > >>>> > >>>>> server from Fedora DS? I know that is possible to use AD sync, > but > >>>>> > >> I > >> > >>>>> cannot install anything on the AD server. The second reason why I > >>>>> > >>>>> > >>>> need > >>>> > >>>> > >>>>> to setup proxy is to use data stored in LDAP server (OpenLDAP, > >>>>> Open Direcoty Server and Active Directory) in one place. I need > to > >>>>> > >> update > >> > >>>>> them too. It is not necessary to synchronize passwords. > >>>>> > >>>>> > >>>>> > >>>> See also > >>>> http://directory.fedoraproject.org/wiki/Howto:OpenldapIntegration > >>>> > >>>> > >>>>> Thank you for reply. > >>>>> > >>>>> Regards, > >>>>> > >>>>> Michal > >>>>> > >>>>> -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
