FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Directory

 
 
LinkBack Thread Tools
 
Old 11-22-2010, 07:34 PM
Rich Megginson
 
Default Please Help Test 389 Directory Server 1.2.7

389-ds-base-1.2.7 is now in Testing. This release adds some new
features and fixes many bugs. Please help us test. The sooner we can
get this release tested, the sooner we can push it to Stable and make it
generally available.

Installation

yum install 389-ds --enablerepo=updates-testing
# or for EPEL
yum install 389-ds --enablerepo=epel-testing
setup-ds-admin.pl

Upgrade

yum upgrade --enablerepo=updates-testing 389-ds-base 389-admin
# or for EPEL
yum upgrade --enablerepo=epel-testing 389-ds-base 389-admin
setup-ds-admin.pl -u

How to Give Feedback

The best way to provide feedback is via the Fedora Update system. Each
update is broken down by package and platform. For example, if you are
using Fedora 12, and you have successfully installed or upgraded all of
the packages, and the console and etc. works, then go to the links below
for Fedora 12 and provide feedback.

* 389-ds-base-1.2.7
** EL-5 - https://admin.fedoraproject.org/updates/389-ds-base-1.2.7-1.el5
** Fedora 12 -
https://admin.fedoraproject.org/updates/389-ds-base-1.2.7-1.fc12
** Fedora 13 -
https://admin.fedoraproject.org/updates/389-ds-base-1.2.7-1.fc13
** Fedora 14 -
https://admin.fedoraproject.org/updates/389-ds-base-1.2.7-1.fc14

scroll down to the bottom of the page, and click on the Add a comment >>
link

* select one of the Works for me or Does not work radio buttons, add
text, and click on the Add Comment button

If you are using a build on another platform, just send us an email to
389-users@lists.fedoraproject.org

Reporting Bugs

If you find a bug, or would like to see a new feature, you can enter it
here - https://bugzilla.redhat.com/enter_bug.cgi?product=389

More Information
* Release Notes - http://port389.org/wiki/Release_Notes
* Install_Guide - http://port389.org/wiki/Install_Guide
* Download - http://port389.org/wiki/Download


--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 11-22-2010, 07:36 PM
Rich Megginson
 
Default Please Help Test 389 Directory Server 1.2.7

389-ds-base-1.2.7 is now in Testing. This release adds some new
features and fixes many bugs. Please help us test. The sooner we can
get this release tested, the sooner we can push it to Stable and make it
generally available.

Installation

yum install 389-ds --enablerepo=updates-testing
# or for EPEL
yum install 389-ds --enablerepo=epel-testing
setup-ds-admin.pl

Upgrade

yum upgrade --enablerepo=updates-testing 389-ds-base 389-admin
# or for EPEL
yum upgrade --enablerepo=epel-testing 389-ds-base 389-admin
setup-ds-admin.pl -u

How to Give Feedback

The best way to provide feedback is via the Fedora Update system. Each
update is broken down by package and platform. For example, if you are
using Fedora 12, and you have successfully installed or upgraded all of
the packages, and the console and etc. works, then go to the links below
for Fedora 12 and provide feedback.

* 389-ds-base-1.2.7
** EL-5 - https://admin.fedoraproject.org/updates/389-ds-base-1.2.7-1.el5
** Fedora 12 -
https://admin.fedoraproject.org/updates/389-ds-base-1.2.7-1.fc12
** Fedora 13 -
https://admin.fedoraproject.org/updates/389-ds-base-1.2.7-1.fc13
** Fedora 14 -
https://admin.fedoraproject.org/updates/389-ds-base-1.2.7-1.fc14

scroll down to the bottom of the page, and click on the Add a comment >>
link

* select one of the Works for me or Does not work radio buttons, add
text, and click on the Add Comment button

If you are using a build on another platform, just send us an email to
389-users@lists.fedoraproject.org

Reporting Bugs

If you find a bug, or would like to see a new feature, you can enter it
here - https://bugzilla.redhat.com/enter_bug.cgi?product=389

More Information
* Release Notes - http://port389.org/wiki/Release_Notes
* Install_Guide - http://port389.org/wiki/Install_Guide
* Download - http://port389.org/wiki/Download


_______________________________________________
test-announce mailing list
test-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/test-announce
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 11-23-2010, 08:01 AM
Gerrard Geldenhuis
 
Default Please Help Test 389 Directory Server 1.2.7

> -----Original Message-----
> From: 389-users-bounces@lists.fedoraproject.org [mailto:389-users-
> bounces@lists.fedoraproject.org] On Behalf Of Rich Megginson
> Sent: 22 November 2010 20:35
> To: 389-announce@redhat.com; 389-users@redhat.com
> Subject: [389-users] Please Help Test 389 Directory Server 1.2.7
>
> 389-ds-base-1.2.7 is now in Testing. This release adds some new features
> and fixes many bugs. Please help us test. The sooner we can get this
> release tested, the sooner we can push it to Stable and make it generally
> available.
>

Purely out of interest, what has motivated the move from nss_ldap to openldap? I have read the wiki entry that describes the differences but was wondering what the motivation is. More actively developed, cleaner code, less buggy?

Regards

__________________________________________________ ______________________
In order to protect our email recipients, Betfair Group use SkyScan from
MessageLabs to scan all Incoming and Outgoing mail for viruses.

__________________________________________________ ______________________
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 11-23-2010, 01:04 PM
Rich Megginson
 
Default Please Help Test 389 Directory Server 1.2.7

On 11/23/2010 02:01 AM, Gerrard Geldenhuis wrote:
>> -----Original Message-----
>> From: 389-users-bounces@lists.fedoraproject.org [mailto:389-users-
>> bounces@lists.fedoraproject.org] On Behalf Of Rich Megginson
>> Sent: 22 November 2010 20:35
>> To: 389-announce@redhat.com; 389-users@redhat.com
>> Subject: [389-users] Please Help Test 389 Directory Server 1.2.7
>>
>> 389-ds-base-1.2.7 is now in Testing. This release adds some new features
>> and fixes many bugs. Please help us test. The sooner we can get this
>> release tested, the sooner we can push it to Stable and make it generally
>> available.
>>
> Purely out of interest, what has motivated the move from nss_ldap to openldap?
I think you mean Mozilla LDAP C SDK, not nss_ldap.
> I have read the wiki entry that describes the differences but was wondering what the motivation is. More actively developed, cleaner code, less buggy?
Yes, and that the openldap c sdk is ubiquitous in the open source world.
> Regards
>
> __________________________________________________ ______________________
> In order to protect our email recipients, Betfair Group use SkyScan from
> MessageLabs to scan all Incoming and Outgoing mail for viruses.
>
> __________________________________________________ ______________________
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 11-23-2010, 04:22 PM
Andrey Ivanov
 
Default Please Help Test 389 Directory Server 1.2.7

2010/11/23 Rich Megginson <rmeggins@redhat.com>:
n for the httpd engine . . .
>>> Starting admin server . . .
>>> output: ERROR: ld.so: object '/libldap60.so' from LD_PRELOAD cannot be
>>> preloaded: ignored.
>>> The admin server was successfully started.
>>> Admin server was successfully created, configured, and started.
>>> Exiting . . .
>>> Log file is '/tmp/setupXxX7a5.log'
>>>
>>>
>> We have seen the preload issue too. I have reported it via the links provided. The fix is as follows:
>> diff start-ds-admin start-ds-admin.orig 46c46< *LD_PRELOAD="/usr/lib64/libldap60.so" ---> *LD_PRELOAD=" /libldap60.so"
> This should be fixed in 389-admin-1.1.12 now in updates-testing - what
> platform? *Fedora 14 or other?

I've compiled the sources from here :
http://directory.fedoraproject.org/sources/389-admin-1.1.12.a2.tar.bz2
(CentOS 5.5 x86_64 too)
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 11-23-2010, 04:33 PM
Nathan Kinder
 
Default Please Help Test 389 Directory Server 1.2.7

On 11/23/2010 08:56 AM, Andrey Ivanov wrote:
> Hi Rich,
>
> I have two issues with this new version (that i have compiled from the
> git sources)
>
> here is the first issue :
>
> there were some changes to the memberfo plugin (Bug 620927) that added
> a more rigorous verification of memberofgroupattr parameter of
> MemberOf plugin. We use the uniqueMember/memberOf attribute pair to
> manage our groups and backlinks. This configuration does not work with
> the 1.2.7 server :
>
> [23/Nov/2010:17:32:51 +0100] memberof-plugin - Error 53: The
> uniqueMember configuration attribute must be set to an attribute
> defined to use the Distinguished Name syntax. (illegal value:
> memberOfGroupAttr)
> [23/Nov/2010:17:32:51 +0100] memberof-plugin - configuration failed
> (DSA is unwilling to perform)
> [23/Nov/2010:17:32:51 +0100] - Failed to start postoperation plugin
> MemberOf Plugin
> [23/Nov/2010:17:32:51 +0100] memberof-plugin - only one memberOf
> plugin instance can be used
> [23/Nov/2010:17:32:51 +0100] memberof-plugin - configuration failed
> (Bad parameter to an ldap routine)
> [23/Nov/2010:17:32:51 +0100] - Failed to start postoperation plugin
> MemberOf Plugin
> [23/Nov/2010:17:32:51 +0100] memberof-plugin - only one memberOf
> plugin instance can be used
> [23/Nov/2010:17:32:51 +0100] memberof-plugin - configuration failed
> (Bad parameter to an ldap routine)
> [23/Nov/2010:17:32:51 +0100] - Failed to start postoperation plugin
> MemberOf Plugin
> [23/Nov/2010:17:32:51 +0100] memberof-plugin - only one memberOf
> plugin instance can be used
> [23/Nov/2010:17:32:51 +0100] memberof-plugin - configuration failed
> (Bad parameter to an ldap routine)
> [23/Nov/2010:17:32:51 +0100] - Failed to start postoperation plugin
> MemberOf Plugin
> [23/Nov/2010:17:32:51 +0100] - Error: Failed to resolve plugin dependencies
> [23/Nov/2010:17:32:51 +0100] - Error: postoperation plugin MemberOf
> Plugin is not started
>
>
> The thing is that uniquemember does not have the DN syntax, it has
> "Name and Optional UID syntax" :
>
> attributeTypes: ( 2.5.4.50 NAME 'uniqueMember'
> EQUALITY uniqueMemberMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.34
> X-ORIGIN 'RFC 4519' )
>
> Our memberOf configuration:
> dn: cn=MemberOf Plugin,cn=plugins,cn=config
> objectClass: top
> objectClass: nsSlapdPlugin
> objectClass: extensibleObject
> cn: MemberOf Plugin
> nsslapd-pluginPath: libmemberof-plugin
> nsslapd-pluginInitfunc: memberof_postop_init
> nsslapd-pluginType: postoperation
> nsslapd-pluginEnabled: on
> nsslapd-plugin-depends-on-type: database
> memberofgroupattr: uniqueMember
> memberofattr: memberOf
> nsslapd-pluginId: memberof
> nsslapd-pluginVersion: 1.2.7
> nsslapd-pluginVendor: 389 Project
> nsslapd-pluginDescription: memberof plugin
Prior to 1.2.7, how was this configuration working for you? What sort
of values were you setting in the "uniqueMember" attribute? The
memberOf plug-in really needs a full DN to work, which is why the
restriction to use an attribute with the DN syntax was added.
>
>
> The second issue : when using sutup-ds-admin there is a LD_PRELOAD
> libldap60.so error. I used the sources mod_nss-1.0.8.tar.gz,
> 389-admin-1.1.12.a2.tar.bz2 and 389-adminutil-1.1.13.tar.bz2 to
> compile teh admin server.
>
> Creating directory server . . .
> Your new DS instance 'dmz' was successfully created.
> Creating the configuration directory server . . .
> Beginning Admin Server creation . . .
> Creating Admin Server files and directories . . .
> Updating adm.conf . . .
> Updating admpw . . .
> Registering admin server with the configuration directory server . . .
> Updating adm.conf with information from configuration directory server . . .
> Updating the configuration for the httpd engine . . .
> Starting admin server . . .
> output: ERROR: ld.so: object '/libldap60.so' from LD_PRELOAD cannot be
> preloaded: ignored.
> The admin server was successfully started.
> Admin server was successfully created, configured, and started.
> Exiting . . .
> Log file is '/tmp/setupXxX7a5.log'
>
>
> 2010/11/22 Rich Megginson<rmeggins@redhat.com>:
>> 389-ds-base-1.2.7 is now in Testing. This release adds some new
>> features and fixes many bugs. Please help us test. The sooner we can
>> get this release tested, the sooner we can push it to Stable and make it
>> generally available.
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 11-23-2010, 04:40 PM
Nathan Kinder
 
Default Please Help Test 389 Directory Server 1.2.7

On 11/23/2010 09:33 AM, Nathan Kinder wrote:
> On 11/23/2010 08:56 AM, Andrey Ivanov wrote:
>> Hi Rich,
>>
>> I have two issues with this new version (that i have compiled from the
>> git sources)
>>
>> here is the first issue :
>>
>> there were some changes to the memberfo plugin (Bug 620927) that added
>> a more rigorous verification of memberofgroupattr parameter of
>> MemberOf plugin. We use the uniqueMember/memberOf attribute pair to
>> manage our groups and backlinks. This configuration does not work with
>> the 1.2.7 server :
>>
>> [23/Nov/2010:17:32:51 +0100] memberof-plugin - Error 53: The
>> uniqueMember configuration attribute must be set to an attribute
>> defined to use the Distinguished Name syntax. (illegal value:
>> memberOfGroupAttr)
>> [23/Nov/2010:17:32:51 +0100] memberof-plugin - configuration failed
>> (DSA is unwilling to perform)
>> [23/Nov/2010:17:32:51 +0100] - Failed to start postoperation plugin
>> MemberOf Plugin
>> [23/Nov/2010:17:32:51 +0100] memberof-plugin - only one memberOf
>> plugin instance can be used
>> [23/Nov/2010:17:32:51 +0100] memberof-plugin - configuration failed
>> (Bad parameter to an ldap routine)
>> [23/Nov/2010:17:32:51 +0100] - Failed to start postoperation plugin
>> MemberOf Plugin
>> [23/Nov/2010:17:32:51 +0100] memberof-plugin - only one memberOf
>> plugin instance can be used
>> [23/Nov/2010:17:32:51 +0100] memberof-plugin - configuration failed
>> (Bad parameter to an ldap routine)
>> [23/Nov/2010:17:32:51 +0100] - Failed to start postoperation plugin
>> MemberOf Plugin
>> [23/Nov/2010:17:32:51 +0100] memberof-plugin - only one memberOf
>> plugin instance can be used
>> [23/Nov/2010:17:32:51 +0100] memberof-plugin - configuration failed
>> (Bad parameter to an ldap routine)
>> [23/Nov/2010:17:32:51 +0100] - Failed to start postoperation plugin
>> MemberOf Plugin
>> [23/Nov/2010:17:32:51 +0100] - Error: Failed to resolve plugin dependencies
>> [23/Nov/2010:17:32:51 +0100] - Error: postoperation plugin MemberOf
>> Plugin is not started
>>
>>
>> The thing is that uniquemember does not have the DN syntax, it has
>> "Name and Optional UID syntax" :
>>
>> attributeTypes: ( 2.5.4.50 NAME 'uniqueMember'
>> EQUALITY uniqueMemberMatch
>> SYNTAX 1.3.6.1.4.1.1466.115.121.1.34
>> X-ORIGIN 'RFC 4519' )
>>
>> Our memberOf configuration:
>> dn: cn=MemberOf Plugin,cn=plugins,cn=config
>> objectClass: top
>> objectClass: nsSlapdPlugin
>> objectClass: extensibleObject
>> cn: MemberOf Plugin
>> nsslapd-pluginPath: libmemberof-plugin
>> nsslapd-pluginInitfunc: memberof_postop_init
>> nsslapd-pluginType: postoperation
>> nsslapd-pluginEnabled: on
>> nsslapd-plugin-depends-on-type: database
>> memberofgroupattr: uniqueMember
>> memberofattr: memberOf
>> nsslapd-pluginId: memberof
>> nsslapd-pluginVersion: 1.2.7
>> nsslapd-pluginVendor: 389 Project
>> nsslapd-pluginDescription: memberof plugin
> Prior to 1.2.7, how was this configuration working for you? What sort
> of values were you setting in the "uniqueMember" attribute? The
> memberOf plug-in really needs a full DN to work, which is why the
> restriction to use an attribute with the DN syntax was added.
One other note to add is that the syntax of an attribute is taken into
account when attribute values are compared. The memberOf plug-in does
comparisons like this to detect grouping loops. It is important to use
the DN syntax here when we are comparing values that represent DNs, as
there are many special rules that pertain to a DN. If an attribute is
used that uses some other syntax, the comparisons may not detect two
equivalent DNs which could cause a group looping issue.
>>
>> The second issue : when using sutup-ds-admin there is a LD_PRELOAD
>> libldap60.so error. I used the sources mod_nss-1.0.8.tar.gz,
>> 389-admin-1.1.12.a2.tar.bz2 and 389-adminutil-1.1.13.tar.bz2 to
>> compile teh admin server.
>>
>> Creating directory server . . .
>> Your new DS instance 'dmz' was successfully created.
>> Creating the configuration directory server . . .
>> Beginning Admin Server creation . . .
>> Creating Admin Server files and directories . . .
>> Updating adm.conf . . .
>> Updating admpw . . .
>> Registering admin server with the configuration directory server . . .
>> Updating adm.conf with information from configuration directory server . . .
>> Updating the configuration for the httpd engine . . .
>> Starting admin server . . .
>> output: ERROR: ld.so: object '/libldap60.so' from LD_PRELOAD cannot be
>> preloaded: ignored.
>> The admin server was successfully started.
>> Admin server was successfully created, configured, and started.
>> Exiting . . .
>> Log file is '/tmp/setupXxX7a5.log'
>>
>>
>> 2010/11/22 Rich Megginson<rmeggins@redhat.com>:
>>> 389-ds-base-1.2.7 is now in Testing. This release adds some new
>>> features and fixes many bugs. Please help us test. The sooner we can
>>> get this release tested, the sooner we can push it to Stable and make it
>>> generally available.
>> --
>> 389 users mailing list
>> 389-users@lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 11-23-2010, 07:34 PM
Nathan Kinder
 
Default Please Help Test 389 Directory Server 1.2.7

On 11/23/2010 08:56 AM, Andrey Ivanov wrote:
> Hi Rich,
>
> I have two issues with this new version (that i have compiled from the
> git sources)
>
> here is the first issue :
>
> there were some changes to the memberfo plugin (Bug 620927) that added
> a more rigorous verification of memberofgroupattr parameter of
> MemberOf plugin. We use the uniqueMember/memberOf attribute pair to
> manage our groups and backlinks. This configuration does not work with
> the 1.2.7 server :
>
> [23/Nov/2010:17:32:51 +0100] memberof-plugin - Error 53: The
> uniqueMember configuration attribute must be set to an attribute
> defined to use the Distinguished Name syntax. (illegal value:
> memberOfGroupAttr)
> [23/Nov/2010:17:32:51 +0100] memberof-plugin - configuration failed
> (DSA is unwilling to perform)
> [23/Nov/2010:17:32:51 +0100] - Failed to start postoperation plugin
> MemberOf Plugin
> [23/Nov/2010:17:32:51 +0100] memberof-plugin - only one memberOf
> plugin instance can be used
> [23/Nov/2010:17:32:51 +0100] memberof-plugin - configuration failed
> (Bad parameter to an ldap routine)
> [23/Nov/2010:17:32:51 +0100] - Failed to start postoperation plugin
> MemberOf Plugin
> [23/Nov/2010:17:32:51 +0100] memberof-plugin - only one memberOf
> plugin instance can be used
> [23/Nov/2010:17:32:51 +0100] memberof-plugin - configuration failed
> (Bad parameter to an ldap routine)
> [23/Nov/2010:17:32:51 +0100] - Failed to start postoperation plugin
> MemberOf Plugin
> [23/Nov/2010:17:32:51 +0100] memberof-plugin - only one memberOf
> plugin instance can be used
> [23/Nov/2010:17:32:51 +0100] memberof-plugin - configuration failed
> (Bad parameter to an ldap routine)
> [23/Nov/2010:17:32:51 +0100] - Failed to start postoperation plugin
> MemberOf Plugin
> [23/Nov/2010:17:32:51 +0100] - Error: Failed to resolve plugin dependencies
> [23/Nov/2010:17:32:51 +0100] - Error: postoperation plugin MemberOf
> Plugin is not started
>
>
> The thing is that uniquemember does not have the DN syntax, it has
> "Name and Optional UID syntax" :
>
> attributeTypes: ( 2.5.4.50 NAME 'uniqueMember'
> EQUALITY uniqueMemberMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.34
> X-ORIGIN 'RFC 4519' )
Please open a bug on this. My current thinking is that we should also
allow the grouping attribute to use this syntax, but you should be aware
that memberOf will not work if you actually have the optional UID part
present.
> Our memberOf configuration:
> dn: cn=MemberOf Plugin,cn=plugins,cn=config
> objectClass: top
> objectClass: nsSlapdPlugin
> objectClass: extensibleObject
> cn: MemberOf Plugin
> nsslapd-pluginPath: libmemberof-plugin
> nsslapd-pluginInitfunc: memberof_postop_init
> nsslapd-pluginType: postoperation
> nsslapd-pluginEnabled: on
> nsslapd-plugin-depends-on-type: database
> memberofgroupattr: uniqueMember
> memberofattr: memberOf
> nsslapd-pluginId: memberof
> nsslapd-pluginVersion: 1.2.7
> nsslapd-pluginVendor: 389 Project
> nsslapd-pluginDescription: memberof plugin
>
>
>
> The second issue : when using sutup-ds-admin there is a LD_PRELOAD
> libldap60.so error. I used the sources mod_nss-1.0.8.tar.gz,
> 389-admin-1.1.12.a2.tar.bz2 and 389-adminutil-1.1.13.tar.bz2 to
> compile teh admin server.
>
> Creating directory server . . .
> Your new DS instance 'dmz' was successfully created.
> Creating the configuration directory server . . .
> Beginning Admin Server creation . . .
> Creating Admin Server files and directories . . .
> Updating adm.conf . . .
> Updating admpw . . .
> Registering admin server with the configuration directory server . . .
> Updating adm.conf with information from configuration directory server . . .
> Updating the configuration for the httpd engine . . .
> Starting admin server . . .
> output: ERROR: ld.so: object '/libldap60.so' from LD_PRELOAD cannot be
> preloaded: ignored.
> The admin server was successfully started.
> Admin server was successfully created, configured, and started.
> Exiting . . .
> Log file is '/tmp/setupXxX7a5.log'
>
>
> 2010/11/22 Rich Megginson<rmeggins@redhat.com>:
>> 389-ds-base-1.2.7 is now in Testing. This release adds some new
>> features and fixes many bugs. Please help us test. The sooner we can
>> get this release tested, the sooner we can push it to Stable and make it
>> generally available.
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 11-23-2010, 09:25 PM
Nathan Kinder
 
Default Please Help Test 389 Directory Server 1.2.7

On 11/23/2010 12:34 PM, Nathan Kinder wrote:
> On 11/23/2010 08:56 AM, Andrey Ivanov wrote:
>> Hi Rich,
>>
>> I have two issues with this new version (that i have compiled from the
>> git sources)
>>
>> here is the first issue :
>>
>> there were some changes to the memberfo plugin (Bug 620927) that added
>> a more rigorous verification of memberofgroupattr parameter of
>> MemberOf plugin. We use the uniqueMember/memberOf attribute pair to
>> manage our groups and backlinks. This configuration does not work with
>> the 1.2.7 server :
>>
>> [23/Nov/2010:17:32:51 +0100] memberof-plugin - Error 53: The
>> uniqueMember configuration attribute must be set to an attribute
>> defined to use the Distinguished Name syntax. (illegal value:
>> memberOfGroupAttr)
>> [23/Nov/2010:17:32:51 +0100] memberof-plugin - configuration failed
>> (DSA is unwilling to perform)
>> [23/Nov/2010:17:32:51 +0100] - Failed to start postoperation plugin
>> MemberOf Plugin
>> [23/Nov/2010:17:32:51 +0100] memberof-plugin - only one memberOf
>> plugin instance can be used
>> [23/Nov/2010:17:32:51 +0100] memberof-plugin - configuration failed
>> (Bad parameter to an ldap routine)
>> [23/Nov/2010:17:32:51 +0100] - Failed to start postoperation plugin
>> MemberOf Plugin
>> [23/Nov/2010:17:32:51 +0100] memberof-plugin - only one memberOf
>> plugin instance can be used
>> [23/Nov/2010:17:32:51 +0100] memberof-plugin - configuration failed
>> (Bad parameter to an ldap routine)
>> [23/Nov/2010:17:32:51 +0100] - Failed to start postoperation plugin
>> MemberOf Plugin
>> [23/Nov/2010:17:32:51 +0100] memberof-plugin - only one memberOf
>> plugin instance can be used
>> [23/Nov/2010:17:32:51 +0100] memberof-plugin - configuration failed
>> (Bad parameter to an ldap routine)
>> [23/Nov/2010:17:32:51 +0100] - Failed to start postoperation plugin
>> MemberOf Plugin
>> [23/Nov/2010:17:32:51 +0100] - Error: Failed to resolve plugin dependencies
>> [23/Nov/2010:17:32:51 +0100] - Error: postoperation plugin MemberOf
>> Plugin is not started
>>
>>
>> The thing is that uniquemember does not have the DN syntax, it has
>> "Name and Optional UID syntax" :
>>
>> attributeTypes: ( 2.5.4.50 NAME 'uniqueMember'
>> EQUALITY uniqueMemberMatch
>> SYNTAX 1.3.6.1.4.1.1466.115.121.1.34
>> X-ORIGIN 'RFC 4519' )
> Please open a bug on this. My current thinking is that we should also
> allow the grouping attribute to use this syntax, but you should be aware
> that memberOf will not work if you actually have the optional UID part
> present.
I went ahead and logged a bug for this:

https://bugzilla.redhat.com/show_bug.cgi?id=656515
>> Our memberOf configuration:
>> dn: cn=MemberOf Plugin,cn=plugins,cn=config
>> objectClass: top
>> objectClass: nsSlapdPlugin
>> objectClass: extensibleObject
>> cn: MemberOf Plugin
>> nsslapd-pluginPath: libmemberof-plugin
>> nsslapd-pluginInitfunc: memberof_postop_init
>> nsslapd-pluginType: postoperation
>> nsslapd-pluginEnabled: on
>> nsslapd-plugin-depends-on-type: database
>> memberofgroupattr: uniqueMember
>> memberofattr: memberOf
>> nsslapd-pluginId: memberof
>> nsslapd-pluginVersion: 1.2.7
>> nsslapd-pluginVendor: 389 Project
>> nsslapd-pluginDescription: memberof plugin
>>
>>
>>
>> The second issue : when using sutup-ds-admin there is a LD_PRELOAD
>> libldap60.so error. I used the sources mod_nss-1.0.8.tar.gz,
>> 389-admin-1.1.12.a2.tar.bz2 and 389-adminutil-1.1.13.tar.bz2 to
>> compile teh admin server.
>>
>> Creating directory server . . .
>> Your new DS instance 'dmz' was successfully created.
>> Creating the configuration directory server . . .
>> Beginning Admin Server creation . . .
>> Creating Admin Server files and directories . . .
>> Updating adm.conf . . .
>> Updating admpw . . .
>> Registering admin server with the configuration directory server . . .
>> Updating adm.conf with information from configuration directory server . . .
>> Updating the configuration for the httpd engine . . .
>> Starting admin server . . .
>> output: ERROR: ld.so: object '/libldap60.so' from LD_PRELOAD cannot be
>> preloaded: ignored.
>> The admin server was successfully started.
>> Admin server was successfully created, configured, and started.
>> Exiting . . .
>> Log file is '/tmp/setupXxX7a5.log'
>>
>>
>> 2010/11/22 Rich Megginson<rmeggins@redhat.com>:
>>> 389-ds-base-1.2.7 is now in Testing. This release adds some new
>>> features and fixes many bugs. Please help us test. The sooner we can
>>> get this release tested, the sooner we can push it to Stable and make it
>>> generally available.
>> --
>> 389 users mailing list
>> 389-users@lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 11-24-2010, 07:56 AM
Andrey Ivanov
 
Default Please Help Test 389 Directory Server 1.2.7

Hi Nathan,

>
> Prior to 1.2.7, how was this configuration working for you? *What sort of
> values were you setting in the "uniqueMember" attribute? *The memberOf
> plug-in really needs a full DN to work, which is why the restriction to use
> an attribute with the DN syntax was added.

We use the uniqueMember attribute in a rather typical manner for group
objects: to list the DNs of the sub-groups and members :

cn=My Group,ou=Groups,dc=example,dc=com
objectClass: top
objectClass: groupofuniquenames
cn: My Group
uniqueMember: uid=someone,ou=Users,dc=example,dc=com
uniqueMember: cn=Another Group,ou=Groups,dc=example,dc=com

It's a relatively common way of uniqueMember usage, not limited to our
environment, i think.

@+
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 

Thread Tools




All times are GMT. The time now is 08:23 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org