The AgentX subagent config file is supposed to take a config line
I have set this but the agent still logs to the same dir at the config
file is in (which is the default location) - any ideas?
NOPS Systems Architect
310 401 0407
My knowledge of SNMP is only fair, bear with me ...
I've set up the subagent for SNMP monitoring and can snmpwalk the rhds
stuff, with the output below. I have a few questions though:
1. what is the ".389" suffix on the variables? Looks like the port
number of the server?
2. If I query the DS, none of the counters change?
3. The dsIntTable part of the MIB has no entries (I tried with
snmptable) - how does this get populated?
4. Do I need to do anything to "enable" SNMP on the servers? The
checkbox mentioned in the docs doesn't exist but dse.ldif does have
RHDS-MIB::dsAnonymousBinds.389 = Counter32: 0
RHDS-MIB::dsUnAuthBinds.389 = Counter32: 0
RHDS-MIB::dsSimpleAuthBinds.389 = Counter32: 21
RHDS-MIB::dsStrongAuthBinds.389 = Counter32: 0
RHDS-MIB::dsBindSecurityErrors.389 = Counter32: 0
RHDS-MIB::dsInOps.389 = Counter32: 306
RHDS-MIB::dsReadOps.389 = Counter32: 0
RHDS-MIB::dsCompareOps.389 = Counter32: 0
RHDS-MIB::dsAddEntryOps.389 = Counter32: 0
RHDS-MIB::dsRemoveEntryOps.389 = Counter32: 0
RHDS-MIB::dsModifyEntryOps.389 = Counter32: 53
RHDS-MIB::dsModifyRDNOps.389 = Counter32: 0
RHDS-MIB::dsListOps.389 = Counter32: 0
RHDS-MIB::dsSearchOps.389 = Counter32: 81
RHDS-MIB::dsOneLevelSearchOps.389 = Counter32: 6
RHDS-MIB::dsWholeSubtreeSearchOps.389 = Counter32: 7
RHDS-MIB::dsReferrals.389 = Counter32: 0
RHDS-MIB::dsChainings.389 = Counter32: 0
RHDS-MIB::dsSecurityErrors.389 = Counter32: 0
RHDS-MIB::dsErrors.389 = Counter32: 72
RHDS-MIB::dsMasterEntries.389 = Gauge32: 0
RHDS-MIB::dsCopyEntries.389 = Gauge32: 0
RHDS-MIB::dsCacheEntries.389 = Gauge32: 0
RHDS-MIB::dsCacheHits.389 = Counter32: 0
RHDS-MIB::dsSlaveHits.389 = Counter32: 0
NOPS Systems Architect
310 401 0407
I am in the midst of migrating from openldap to fedora ds.
In openldap, I could specify the userpassword as
And openldap would utilize that for bind verification..
Is this possible under fedora ds? Would a plugin be required (is one
We use P-synch, a password synchronization tool. It has a plugin that works on Netscape and Sun LDAP servers, so I'm hoping it'll work with Fedora, and I'm testing that now. I have configured the plugin in dse.ldif as specified by the vendor (and as it has worked on SunOne). When I try to start the directory instance, I get an error right away:
$ sudo ./start-slapd
[26/Jul/2006:17:27:19 -0600] - Netscape Portable Runtime error -5977: /opt/fedora-ds/lib/passwdop.nsldap.linux.x86: cannot open shared object file: No such file or directory
[26/Jul/2006:17:27:19 -0600] - Could not open library "/opt/fedora-ds/lib/passwdop.nsldap.linux.x86" for plugin Psynch Check Password
[26/Jul/2006:17:27:19 -0600] - Unable to load plugin "cn=Psynch Check Password,cn=plugins,cn=config"
But the file is there, and its real accessible:
$ ls -l /opt/fedora-ds/lib/passwdop.nsldap.linux.x86
-rwxrwxrwx 1 ldap ldap 87127 Jul 26 17:25 /opt/fedora-ds/lib/passwdop.nsldap.linux.x86
So I'm trying to figure out what might cause this.
1. It's a 64-bit linux box, but the plugin binary is 32-bit? (I'd expect a different error)
2. The plugin is not working with the directory software? (I'd expect a different error)
3. There is a secret about installing Fedora plugins that my experience with SunOne hasn't taught me?
Anyone have any great ideas?
What do these messages mean in the passync log, the services starts up
and I see 1 successful auth on the directory server but all i get is
this in the passync log:
07/26/06 14:19:10: PassSync service started
07/26/06 14:19:10: Failed to load entries from file
07/26/06 14:19:12: Password list is empty. Waiting for passhook event
if i change a password or add a user, nothing happens.
Thanks in advance
I have been playing with FDS 1.0.2 for some time, and have been
successful in getting the Directory Server to enforce password
policy by toggling the "nsslapd-pwpolicy-local" flag to "on", then
establishing a local policy for my "ou=People" subtree.
This enforcement appears to work only when I change the password
for a user through the Fedora Management Console interface when I'm
logged in as the Directory Manager (cn=Directory Manager).
When I attempt to change the "userPassword" attribute for my test user
via perl's Net::LDAP library using the smbldap-tools scripts
smbldap-passwd takes the cleartext of the new password, and hashes it
This hashed text (ciphertext) is then used to replace the
"userPassword" attribute for the user
in a subsequent LDAP bind operation. This process effectively bypasses
policy defined for the user's subtree.
Is there a way (through Perl or Java) to supply the cleartext to the
server through SSL/TLS,
and have it apply the password policy on the cleartext before the
server hashes the cleartext?
Lead Communications Engineer
The MITRE Corporation Bedford, MA
Is it possible to get the build files to use as a template for this new
Thank you for good news and such a quick response!
Richard Megginson <rmeggins(a)redhat.com>
Sent by: fedora-directory-users-bounces(a)redhat.com
07/25/2006 04:04 PM
Please respond to "General discussion list for the Fedora Directory server
To: "General discussion list for the Fedora Directory server project."
Subject: Re: [Fedora-directory-users] Fedora Directory server on Windows XP. Can it
Eugene M Liberman wrote:
> I am trying to build FDS on the Windows XP platform. Can it be done?
> Has somebody done it?
Yes, about 18 months ago, and not since. The Windows port has rotted
quite a bit. You can probably do it, but it will take a couple of weeks
> Thank you in advance,
> Gene Liberman
> Fedora-directory-users mailing list
Fedora-directory-users mailing list
<< Attachment clipped: smime.p7s (4356 bytes ) >>