|
osdir.com mailing list archive |
|
Subject: RE: [Fedora-directory-users] LDAP proxy - msg#00134List: fedora-directory-users> BTW, I would really appreciate it if you could write up something for > the wiki about "using chaining to create an AD 'view'" - if you would > rather just send me the info in an email, that would be fine too. Yes this information would be great, please advise when it is available. Cheers, Anthony -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users Thread at a glance:
Previous Message by Date: click to view message previewRe: [Fedora-directory-users] dnaEdward Konetzko wrote: I have been wanting to test out lib dna, can anyone tell me why the redhat-ds-base packages have on their configure line "--disable-dna". Are there problems with dns in the 8.0.4 release? Yes. It is fully supported in RHDS 8.1, which will be released soon. Also if there is a better way of using dna with Redhat Directory Server can someone point me in that direction? I do not have official Redhat support for Directory Server as I am testing it out before we go through the whole process of purchasing it. I suggest you try out fedora-ds-base 1.2.0. Thank you for your help in advance. Edward -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users smime.p7s Description: S/MIME Cryptographic Signature -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users Next Message by Date: click to view message previewRE: [Fedora-directory-users] LDAP proxy> > > > BTW, I would really appreciate it if you could write up something for > > the wiki about "using chaining to create an AD 'view'" - if you would > > rather just send me the info in an email, that would be fine too. > > Yes this information would be great, please advise when it is > available. It is available at: http://directory.fedoraproject.org/wiki/Howto:ChainToAD > > Cheers, > > Anthony > > -- > Fedora-directory-users mailing list > Fedora-directory-users@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-directory-users -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users Previous Message by Thread: click to view message previewRe: [Fedora-directory-users] LDAP proxyMichal Rejda wrote: Michal Rejda wrote: Michal Rejda wrote: Michal Rejda wrote: Michal Rejda wrote: Michal Rejda wrote: -----Original Message----- From: fedora-directory-users-bounces@xxxxxxxxxx [mailto:fedora- directory-users-bounces@xxxxxxxxxx] On Behalf Of Rich Megginson Sent: Tuesday, April 14, 2009 4:25 PM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] LDAP proxy Michal Rejda wrote: I tried to use http://tinyurl.com/culeft. But the database link doesn't work. I setup the database link to the Active Directory (and OpenLDAP). When I looked into Wireshark log, FDS send search request with controls: 2.16.840.1.113730.3.4.2 2.16.840.1.113730.3.4.12 And the AD server responded: Unavailable Critical Extension. I tried to remove this two controls from Database Link Settings (in administration console) but it didn't help. The server didn't return the message above, but the administrative console show error dialog. What error? I tried it again and the error message is exactly: Error fading object 'dn: dc=example, dc=com'. The error send by the server was: ". In the Whireshark log was still the search request witch control: 2.16.840.1.113730.3.4.2 Why is this control needed by the server when I removed it from Database link settings? I'm not sure - maybe the console is not working correctly. Try this: 1) Shutdown the server 2) cd /etc/dirsrv/slapd-yourinstance 3) edit dse.ldif - look for the entry dn: cn=config,cn=chaining database,cn=plugins,cn=config 4) edit the nsTransmittedControls attribute - remove 2.16.840.1.113730.3.4.2 5) save and restart the server I looked into dse.ldif for a nsTransmittedControls attribute. There is only the 1.3.6.1.4.1.1466.29539.12. , not the problematic 2.16.840.1.113730.3.4.2. Isn't the 2.16.840.1.113730.3.4.2 hardcoded? If it is, I don't see it. There is no mention of managedsa or 2.16.840.1.113730.3.4.2 anywhere in the chaining backend code. The only place it is mentioned is in the default list of nsTransmittedControls in the template-dse.ldif used during new instance creation. Why is this so necessary? It's not necessary, and I'm not sure where it is coming from. Once place might be an internal operation, but I'm not sure what internal operation would be doing this. You might also try to remove nsActiveChainingComponents and nsPossibleChainingComponents to see if one of those components is doing an internal operation with managedsait set. I removed nsActiveChainingComponents and nsPossibleChainingComponents and it didn't help. Then I'm not sure where it's coming from. I suppose you could enable tracing in the directory server and see if there is anything interesting in the error log - see http://directory.fedoraproject.org/wiki/FAQ#Troubleshooting In the attachment is the part of the server error log. I removed all messages before I click on the exclamation mark before the DN in the Fedora administration console -> Directory folder tab. I don't understand this log. It is helpful for you? Ah, I see. You are using the console to try to browse the AD tree? And you are using the console admin user "admin"? Try ldapsearch from the command line, and attempt to authenticate as an AD user (e.g. cn=administrator,cn=users,dc=example,dc=com). Yes, you are right. I use the console to browse AD tree. But I do this because there is attention marker before the root suffix (lib- w2k3r2) in the Directory tab and I just double click on it. I tried ldapsearch using AD user (Administrator). I'm able to login but the ldapsearch don't show any results (I use Apache Directory Studio). When I looked into Whireshark log, I now see that another critical extension is missing: 2.16.840.1.113730.3.4.12. The log is in the attachment. Make sure 2.16.840.1.113730.3.4.12 is not in the transmitted controls. Set nsProxiedAuthorization to 0 - that should make it not use 2.16.840.1.113730.3.4.12 which is the proxyauth control. It works. Thank you very much! I can connect to the AD and list users and whatever I want. I have one more difficulty. When I send ldapmodify to the node in the AD, FDS add to this request two more attributes (modifiersname, modifytimestamp). AD don't know these attributes and returns the error (errorMessage: 00000057: LdapErr: DSID-0C090A85, comment: Error in attribute conversion operation, data 0, vece). Is it possible to disable this functionality Yes. This is the nsslapd-lastmod attribute in cn=config - set this to 0 or rewrite attributes name into AD attributes name (e.g. modifytimestamp -> whenChanged)? I cannot change AD schema. No, it's not possible to map it. BTW, I would really appreciate it if you could write up something for the wiki about "using chaining to create an AD 'view'" - if you would rather just send me the info in an email, that would be fine too. Michal Rejda wrote: Hi all, I’m trying to setup proxy on FDS to another LDAP server (OpenLDAP and Active Directory). I tried two ways, but none of these works: 1) New database link to LDAP server. - The remote LDAP server (OpenLDAP) returns: null. manageDSAit control value not found You might have to tweak the controls used by chaining - see http://tinyurl.com/culeft 2) Create multiple-master replication and setup other server as consumer. - But this show error: 255 Replication error acquiring replica: unknown error. Replication will only work to a SunDS, not to any other vendor. My question is: Is there way how to setup proxy to access another LDAP server from Fedora DS? I know that is possible to use AD sync, but I cannot install anything on the AD server. The second reason why I need to setup proxy is to use data stored in LDAP server (OpenLDAP, Open Direcoty Server and Active Directory) in one place. I need to update them too. It is not necessary to synchronize passwords. See also http://directory.fedoraproject.org/wiki/Howto:OpenldapIntegration Thank you for reply. Regards, Michal -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users ------------------------------------------------------------------- - - - -- -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users --------------------------------------------------------------------- - -- -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users ------------------------------------------------------------------------ -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users smime.p7s Description: S/MIME Cryptographic Signature -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users Next Message by Thread: click to view message previewRE: [Fedora-directory-users] LDAP proxy> Michal Rejda wrote: > >> Michal Rejda wrote: > >> > >>>> Michal Rejda wrote: > >>>> > >>>> > >>>>>> Michal Rejda wrote: > >>>>>> > >>>>>> > >>>>>> > >>>>>>>> Michal Rejda wrote: > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>>>> Michal Rejda wrote: > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>>>> -----Original Message----- > >>>>>>>>>>>> From: fedora-directory-users-bounces@xxxxxxxxxx > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>> [mailto:fedora- > >>>> > >>>> > >>>>>>>>>>>> directory-users-bounces@xxxxxxxxxx] On Behalf Of Rich > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>> Megginson > >>>> > >>>> > >>>>>>>>>>>> Sent: Tuesday, April 14, 2009 4:25 PM > >>>>>>>>>>>> To: General discussion list for the Fedora Directory > server > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>> project. > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>>>>>> Subject: Re: [Fedora-directory-users] LDAP proxy > >>>>>>>>>>>> > >>>>>>>>>>>> Michal Rejda wrote: > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>>> I tried to use http://tinyurl.com/culeft. But the > database > >>>>>>>>>>>>> link > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>> doesn't work. I setup the database link to the Active > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>> Directory > >>>> > >>>> > >>>>>>>> (and > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>>>>>> OpenLDAP). When I looked into Wireshark log, FDS send > >>>>>>>>>>>> search > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>> request > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>>>>>> with controls: > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>>> 2.16.840.1.113730.3.4.2 > >>>>>>>>>>>>> 2.16.840.1.113730.3.4.12 > >>>>>>>>>>>>> And the AD server responded: Unavailable Critical > >>>>>>>>>>>>> > >> Extension. > >> > >>>>>>>>>>>>> I tried to remove this two controls from Database Link > >>>>>>>>>>>>> Settings > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>> (in > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>>>>>> administration console) but it didn't help. The server > >>>>>>>>>>>> > >> didn't > >> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>> return > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>>>>>> the message above, but the administrative console show > >>>>>>>>>>>> error > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>> dialog. > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>>>>>> What error? > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>> I tried it again and the error message is exactly: > >>>>>>>>>>> > >>>>>>>>>>> Error fading object 'dn: dc=example, dc=com'. > >>>>>>>>>>> The error send by the server was: > >>>>>>>>>>> ". > >>>>>>>>>>> > >>>>>>>>>>> In the Whireshark log was still the search request witch > >>>>>>>>>>> > >>>>>>>>>>> > >>>> control: > >>>> > >>>> > >>>>>>>>>>> 2.16.840.1.113730.3.4.2 > >>>>>>>>>>> > >>>>>>>>>>> Why is this control needed by the server when I removed it > >>>>>>>>>>> from > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>> Database link settings? > >>>>>>>>>> > >>>>>>>>>> I'm not sure - maybe the console is not working correctly. > >>>>>>>>>> Try > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>> this: > >>>>>> > >>>>>> > >>>>>> > >>>>>>>>>> 1) Shutdown the server > >>>>>>>>>> 2) cd /etc/dirsrv/slapd-yourinstance > >>>>>>>>>> 3) edit dse.ldif - look for the entry > >>>>>>>>>> dn: cn=config,cn=chaining database,cn=plugins,cn=config > >>>>>>>>>> 4) edit the nsTransmittedControls attribute - remove > >>>>>>>>>> 2.16.840.1.113730.3.4.2 > >>>>>>>>>> 5) save and restart the server > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>> I looked into dse.ldif for a nsTransmittedControls attribute. > >>>>>>>>> There > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>> is only the 1.3.6.1.4.1.1466.29539.12. , not the problematic > >>>>>>>> 2.16.840.1.113730.3.4.2. > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>>> Isn't the 2.16.840.1.113730.3.4.2 hardcoded? > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>> If it is, I don't see it. There is no mention of managedsa or > >>>>>>>> 2.16.840.1.113730.3.4.2 anywhere in the chaining backend code. > >>>>>>>> The only place it is mentioned is in the default list of > >>>>>>>> nsTransmittedControls in the template-dse.ldif used during new > >>>>>>>> instance creation. > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>>> Why is this so necessary? > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>> It's not necessary, and I'm not sure where it is coming from. > >>>>>>>> Once place might be an internal operation, but I'm not sure > >>>>>>>> what internal operation would be doing this. You might also > try > >>>>>>>> to remove nsActiveChainingComponents and > >>>>>>>> nsPossibleChainingComponents to see > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>> if > >>>>>> > >>>>>> > >>>>>> > >>>>>>>> one of those components is doing an internal operation with > >>>>>>>> managedsait set. > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>> I removed nsActiveChainingComponents and > >>>>>>> nsPossibleChainingComponents > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>> and it didn't help. > >>>>>> > >>>>>> Then I'm not sure where it's coming from. I suppose you could > >>>>>> enable tracing in the directory server and see if there is > >>>>>> > >> anything > >> > >>>>>> interesting in the error log - see > >>>>>> http://directory.fedoraproject.org/wiki/FAQ#Troubleshooting > >>>>>> > >>>>>> > >>>>>> > >>>>> In the attachment is the part of the server error log. I removed > >>>>> > >> all > >> > >>>>> messages before I click on the exclamation mark before the DN in > >>>>> > >> the > >> > >>>>> Fedora administration console -> Directory folder tab. I don't > >>>>> understand this log. It is helpful for you? > >>>>> > >>>>> > >>>>> > >>>>> > >>>> Ah, I see. You are using the console to try to browse the AD tree? > >>>> And you are using the console admin user "admin"? Try ldapsearch > >>>> > >> from > >> > >>>> the command line, and attempt to authenticate as an AD user (e.g. > >>>> cn=administrator,cn=users,dc=example,dc=com). > >>>> > >>>> > >>> Yes, you are right. I use the console to browse AD tree. But I do > >>> > >> this because there is attention marker before the root suffix (lib- > >> w2k3r2) in the Directory tab and I just double click on it. > >> > >>> I tried ldapsearch using AD user (Administrator). I'm able to login > >>> > >> but the ldapsearch don't show any results (I use Apache Directory > >> Studio). When I looked into Whireshark log, I now see that another > >> critical extension is missing: 2.16.840.1.113730.3.4.12. The log is > >> in the attachment. > >> > >> Make sure 2.16.840.1.113730.3.4.12 is not in the transmitted > controls. > >> Set nsProxiedAuthorization to 0 - that should make it not use > >> 2.16.840.1.113730.3.4.12 which is the proxyauth control. > >> > > > > It works. Thank you very much! I can connect to the AD and list users > and whatever I want. > > I have one more difficulty. When I send ldapmodify to the node in the > > AD, FDS add to this request two more attributes (modifiersname, > > modifytimestamp). AD don't know these attributes and returns the > error > > (errorMessage: 00000057: LdapErr: DSID-0C090A85, comment: Error in > > attribute conversion operation, data 0, vece). Is it possible to > > disable this functionality > Yes. This is the nsslapd-lastmod attribute in cn=config - set this to 0 > > or rewrite attributes name into AD attributes name (e.g. > modifytimestamp -> whenChanged)? I cannot change AD schema. > > > No, it's not possible to map it. Perhaps one of last questions on LDAP proxy :-) Is there a way how to setup permissions to list/searching AD using chaining? I'm looking into administration guide and if I see it well, I have to setup ACI on the AD. But AD does not have ACI attributes. I tried to add ACI on the cn=link-ads,cn=chaining database,cn=plugins,cn=config but it didn't help. > > BTW, I would really appreciate it if you could write up something for > the wiki about "using chaining to create an AD 'view'" - if you would > rather just send me the info in an email, that would be fine too. > > > >>>>>>>>>>>>>> Michal Rejda wrote: > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>>> Hi all, > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> I?m trying to setup proxy on FDS to another LDAP server > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>> (OpenLDAP > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>>>>>>>>> and Active Directory). I tried two ways, but none of > >>>>>>>>>>>>>>> > >> these > >> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>> works: > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>>>>>>>>> 1) New database link to LDAP server. > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> - The remote LDAP server (OpenLDAP) returns: null. > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>> manageDSAit > >>>>>> > >>>>>> > >>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>> control > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>>> value not found > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>> You might have to tweak the controls used by chaining - > >>>>>>>>>>>>>> > >> see > >> > >>>>>>>>>>>>>> http://tinyurl.com/culeft > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>>> 2) Create multiple-master replication and setup other > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>> server > >>>> > >>>> > >>>>>>>>>>>>>>> as > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>> consumer. > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>>> - But this show error: 255 Replication error acquiring > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>> replica: > >>>>>> > >>>>>> > >>>>>> > >>>>>>>>>>>>>>> unknown error. > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>> Replication will only work to a SunDS, not to any other > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>> vendor. > >>>>>> > >>>>>> > >>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>>> My question is: Is there way how to setup proxy to > >>>>>>>>>>>>>>> access > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>> another > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>>>>>>>> LDAP > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>>> server from Fedora DS? I know that is possible to use > AD > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>> sync, > >>>>>> > >>>>>> > >>>>>> > >>>>>>>>>> but > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>>>> I > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>>>>> cannot install anything on the AD server. The second > >>>>>>>>>>>>>>> reason why > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>> I > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>>>>>>>> need > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>>> to setup proxy is to use data stored in LDAP server > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>> (OpenLDAP, > >>>>>> > >>>>>> > >>>>>> > >>>>>>>>>>>>>>> Open Direcoty Server and Active Directory) in one > place. > >>>>>>>>>>>>>>> > >> I > >> > >>>>>>>>>>>>>>> need > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>> to > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>>>> update > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>>>>> them too. It is not necessary to synchronize passwords. > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>> See also > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >> http://directory.fedoraproject.org/wiki/Howto:OpenldapIntegration > >> > >>>>>>>> > >>>>>>>> > >>>>>>>>>>>>>>> Thank you for reply. > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> Regards, > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> Michal > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>> -- > >>>>>>>>> Fedora-directory-users mailing list > >>>>>>>>> Fedora-directory-users@xxxxxxxxxx > >>>>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory- > users > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>> -- > >>>>>>> Fedora-directory-users mailing list > >>>>>>> Fedora-directory-users@xxxxxxxxxx > >>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>> ----------------------------------------------------------------- > - > >>>>> - > >>>>> > >> - > >> > >>>>> - > >>>>> > >>>>> > >>>> - > >>>> > >>>> > >>>>> -- > >>>>> > >>>>> -- > >>>>> Fedora-directory-users mailing list > >>>>> Fedora-directory-users@xxxxxxxxxx > >>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users > >>>>> > >>>>> > >>>>> > >>> ------------------------------------------------------------------- > - > >>> - > >>> > >> - > >> > >>> -- > >>> > >>> -- > >>> Fedora-directory-users mailing list > >>> Fedora-directory-users@xxxxxxxxxx > >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users > >>> > >>> > > > > > > --------------------------------------------------------------------- > - > > -- > > > > -- > > Fedora-directory-users mailing list > > Fedora-directory-users@xxxxxxxxxx > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users Loading Comments...
|
|
