> Michal Rejda wrote:
>>> Michal Rejda wrote:
>>>>> Michal Rejda wrote:
>>>>>>> -----Original Message-----
>>>>>>> From: fedora-directory-users-bounces@xxxxxxxxxx [mailto:fedora-directory-users-bounces@xxxxxxxxxx] On Behalf Of Rich Megginson
>>>>>>> Sent: Tuesday, April 14, 2009 4:25 PM
>>>>>>> To: General discussion list for the Fedora Directory server project.
>>>>>>> Subject: Re: LDAP proxy
>>>>>>>
>>>>>>> Michal Rejda wrote:
>>>>>>>> I tried to use http://tinyurl.com/culeft. But the database link doesn't work. I set up the database link to the Active Directory (and OpenLDAP). When I looked into the Wireshark log, FDS sent a search request with controls:
>>>>>>>> 2.16.840.1.113730.3.4.2
>>>>>>>> 2.16.840.1.113730.3.4.12
>>>>>>>> And the AD server responded: Unavailable Critical Extension.
>>>>>>>>
>>>>>>>> I tried to remove these two controls from Database Link Settings (in the administration console) but it didn't help. The server didn't return the message above, but the administrative console showed an error dialog.
>>>>>>>
>>>>>>> What error?
>>>>>>
>>>>>> I tried it again and the error message is exactly:
>>>>>>
>>>>>> Error fading object 'dn: dc=example, dc=com'.
>>>>>> The error send by the server was:
>>>>>> ".
>>>>>>
>>>>>> In the Wireshark log there was still the search request with control:
>>>>>> 2.16.840.1.113730.3.4.2
>>>>>>
>>>>>> Why is this control needed by the server when I removed it from Database link settings?
>>>>>
>>>>> I'm not sure - maybe the console is not working correctly. Try this:
>>>>> 1) Shutdown the server
>>>>> 2) cd /etc/dirsrv/slapd-yourinstance
>>>>> 3) edit dse.ldif - look for the entry
>>>>>    dn: cn=config,cn=chaining database,cn=plugins,cn=config
>>>>> 4) edit the nsTransmittedControls attribute - remove 2.16.840.1.113730.3.4.2
>>>>> 5) save and restart the server
>>>>
>>>> I looked into dse.ldif for the nsTransmittedControls attribute. There is only the 1.3.6.1.4.1.1466.29539.12, not the problematic 2.16.840.1.113730.3.4.2.
>>>> Isn't the 2.16.840.1.113730.3.4.2 hardcoded?
>>>
>>> If it is, I don't see it. There is no mention of managedsa or 2.16.840.1.113730.3.4.2 anywhere in the chaining backend code. The only place it is mentioned is in the default list of nsTransmittedControls in the template-dse.ldif used during new instance creation.
>>>
>>>> Why is this so necessary?
>>>
>>> It's not necessary, and I'm not sure where it is coming from. One place might be an internal operation, but I'm not sure what internal operation would be doing this. You might also try to remove nsActiveChainingComponents and nsPossibleChainingComponents to see if one of those components is doing an internal operation with managedsait set.
>>
>> I removed nsActiveChainingComponents and nsPossibleChainingComponents and it didn't help.
>
> Then I'm not sure where it's coming from. I suppose you could enable tracing in the directory server and see if there is anything interesting in the error log - see http://directory.fedoraproject.org/wiki/FAQ#Troubleshooting

In the attachment is part of the server error log. I removed all messages from before I clicked on the exclamation mark before the DN in the Fedora administration console -> Directory folder tab. I don't understand this log. Is it helpful for you?

>>>>>>>>> Michal Rejda wrote:
>>>>>>>>>> Hi all,
>>>>>>>>>>
>>>>>>>>>> I'm trying to set up a proxy on FDS to another LDAP server (OpenLDAP and Active Directory). I tried two ways, but neither of them works:
>>>>>>>>>>
>>>>>>>>>> 1) New database link to LDAP server.
>>>>>>>>>> - The remote LDAP server (OpenLDAP) returns: null. manageDSAit control value not found
>>>>>>>>>
>>>>>>>>> You might have to tweak the controls used by chaining - see http://tinyurl.com/culeft
>>>>>>>>>
>>>>>>>>>> 2) Create multiple-master replication and set up the other server as consumer.
>>>>>>>>>> - But this shows error: 255 Replication error acquiring replica: unknown error.
>>>>>>>>>
>>>>>>>>> Replication will only work to a SunDS, not to any other vendor.
>>>>>>>>>
>>>>>>>>>> My question is: Is there a way to set up a proxy to access another LDAP server from Fedora DS? I know that it is possible to use AD sync, but I cannot install anything on the AD server. The second reason why I need to set up a proxy is to use data stored in LDAP servers (OpenLDAP, Open Directory Server and Active Directory) in one place. I need to update them too. It is not necessary to synchronize passwords.
>>>>>>>>>
>>>>>>>>> See also http://directory.fedoraproject.org/wiki/Howto:OpenldapIntegration
>>>>>>>>>
>>>>>>>>>> Thank you for your reply.
>>>>>>>>>>
>>>>>>>>>> Regards,
>>>>>>>>>>
>>>>>>>>>> Michal
Attachment:
errors.log
Description: Binary data
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
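Steps 3 and 4 of the dse.ldif procedure quoted in the thread, as an added example that is not part of the original messages and is not Fedora DS code: it unfolds wrapped LDIF lines, finds the chaining config entry, and drops one OID from nsTransmittedControls in that entry only. The sample LDIF, the function names and the OID labels are assumptions made for the illustration; the DN and OIDs are the ones quoted in the thread.

```python
# Added example: prune one OID from nsTransmittedControls in a dse.ldif entry.
CHAINING_DN = "cn=config,cn=chaining database,cn=plugins,cn=config"
MANAGE_DSA_IT = "2.16.840.1.113730.3.4.2"
NAMES = {  # common names for the OIDs mentioned in the thread
    MANAGE_DSA_IT: "ManageDsaIT",
    "2.16.840.1.113730.3.4.12": "proxied authorization (old)",
    "1.3.6.1.4.1.1466.29539.12": "chaining loop detection",
}

# Constructed sample, not the poster's file; note the folded (wrapped) value.
SAMPLE = """\
dn: cn=config,cn=chaining database,cn=plugins,cn=config
objectClass: top
nsTransmittedControls: 2.16.840.1.113730.3.4.2
nsTransmittedControls: 1.3.6.1.4.1.1466.295
 39.12

dn: cn=other,cn=plugins,cn=config
nsTransmittedControls: 2.16.840.1.113730.3.4.2
"""

def unfold(text):
    """Join LDIF continuation lines (those starting with a single space)."""
    lines = []
    for line in text.splitlines():
        if line.startswith(" ") and lines:
            lines[-1] += line[1:]
        else:
            lines.append(line)
    return lines

def norm_dn(dn):
    """Case- and space-insensitive DN compare key (no escaped-comma support)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def prune(text, oid, dn=CHAINING_DN):
    """Drop `oid` from nsTransmittedControls of entry `dn`; return (kept, ldif)."""
    kept, out, in_entry = [], [], False
    for line in unfold(text):
        attr, _, value = line.partition(":")
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            in_entry = norm_dn(value) == norm_dn(dn)
        elif in_entry and attr == "nstransmittedcontrols":
            if value == oid:
                continue  # the value the procedure removes
            kept.append((value, NAMES.get(value, "unknown")))
        out.append(line)
    return kept, "\n".join(out) + "\n"
```

Calling `prune(SAMPLE, MANAGE_DSA_IT)` returns the controls still transmitted and the rewritten LDIF with long lines left unfolded; as in step 1 of the procedure, the file is only edited while the server is stopped.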