On 04/13/2010 06:40 PM, Nathan Kinder wrote: > can be used for the uidNumber and gidNumber attributes. These fields > will not be auto-populated in the Console when you are adding an entry. Thank you for the clarification ! > You enabled the plug-in, but a configuration entry is necessary for DNA > to know what you want it to do. That makes sense. > masters, which you may or may not want. Are you using multi-master > replication, and if so, do you need to automatically transfer ranges No - single-master (to keep things simple). > I'd like to see the DNA config entry you are attempting to add. You > should also check the Directory Server errors log sicne it should say > why the DNA config entry you are trying to add is invalid. Look for > lines containing "dna_parse_config_entry". The DNA config was exactly that as specified in the Red Hat documentation, edited only to satisfy my local environment : dn: cn=Account UIDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config objectClass: top objectClass: extensibleObject cn: Account UIDs dnatype: uidNumber dnafilter: (objectclass=posixAccount) dnascope: ou=People, dc=<dc>,dc=<dc> dnanextvalue: 1 dnaMaxValue: 1300 dnasharedcfgdn: cn=Account UIDs,ou=Ranges,dc=<dc>,dc=<dc> dnathreshold: 100 dnaRangeRequestTimeout: 60 dnaMagicRegen: magic The related error log entry : [13/Apr/2010:15:15:05 +0000] dna-plugin - dna_parse_config_entry: Unable to locate shared configuration entry (cn=Account UIDs,ou=Ranges,dc=<dc>,dc=<dc>) access log : [14/Apr/2010:09:16:28 +0000] conn=40 fd=66 slot=66 connection from 127.0.0.1 to 127.0.0.1 [14/Apr/2010:09:16:28 +0000] conn=40 op=0 BIND dn="cn=Directory Manager" method=128 version=3 [14/Apr/2010:09:16:28 +0000] conn=40 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" [14/Apr/2010:09:16:28 +0000] conn=40 op=1 ADD dn="cn=Account UIDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" [14/Apr/2010:09:16:28 +0000] conn=40 op=1 RESULT err=53 tag=105 nentries=0 etime=0 [14/Apr/2010:09:16:28 +0000] conn=40 op=2 UNBIND [14/Apr/2010:09:16:28 +0000] conn=40 op=2 fd=66 closed - U1 As you mentioned, the likely culprit was the fact that the Red Hat entry contains fields which are not present in my actual configuration. This is entirely logical, and i should have picked up on that. > exhausting any of the ranges. For a single master setup, you would just > want to use a config entry like this: > > dn: cn=Account UIDs,cn=Distributed Numeric Assignment > Plugin,cn=plugins,cn=config > objectClass: top > objectClass: extensibleObject > cn: Account UIDs > dnatype: uidNumber > dnafilter: (objectclass=posixAccount) > dnascope: ou=people, dc=example,dc=com > dnaNextValue: 501 That looks quite sensible. After editing the dnascope and dnaNextValue fields for my environment, i was successfully able to add this config entry. adding new entry cn=Account UIDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config modify complete When i use the console to add a new user, it expects there to be a value in three fields : UID Number, GID Number, and Home Directory. The console will not create the entry if those fields are empty. If i manually add numerical values into the UID or GID field, slapd crashes instantly - and i do mean instantly, as there are no log entries at all. The error log : [14/Apr/2010:09:22:57 +0000] - CentOS-Directory/8.1.0 B2009.134.1334 starting up [14/Apr/2010:09:22:57 +0000] - slapd started. Listening on All Interfaces port 389 for LDAP requests [14/Apr/2010:09:29:16 +0000] - CentOS-Directory/8.1.0 B2009.134.1334 starting up [14/Apr/2010:09:29:16 +0000] - Detected Disorderly Shutdown last time Directory Server was running, recovering database. [14/Apr/2010:09:29:16 +0000] - slapd started. Listening on All Interfaces port 389 for LDAP requests At ~ 09:28, i attempted to add the user entry as described above. At ~ 09:29 i manually restarted the dirsrv service. As you can see, there are no long entries related to the interaction or the crash. The access log is silent on this event as well. Ths console states only the generic « Cannot connect to the LDAP server » error message. I can repeat this error condition consistently. Should i file a bug report ? -- Daniel Maher <dma + 389users AT witbe DOT net> -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
