Thanks for the responses. Here are answers:
[root@ldap2 ~]# java -version
java version "1.4.2_04"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_04-b05)
Java HotSpot(TM) Client VM (build 1.4.2_04-b05, mixed mode)
[root@ldap2 ~]# ls -l /opt/fedora-ds/lib/libjss3.so
-rwxr-xr-x 1 root root 213324 Nov 15 2005
[root@ldap2 ~]# echo $LD_LIBRARY_PATH
[root@ldap2 ~]# ldd /opt/fedora-ds/lib/libjss3.so
libnss3.so => /opt/fedora-ds/shared/lib/libnss3.so
libsmime3.so => /opt/fedora-ds/shared/lib/libsmime3.so
libssl3.so => /opt/fedora-ds/shared/lib/libssl3.so
libplc4.so => /opt/fedora-ds/shared/lib/libplc4.so
libplds4.so => /opt/fedora-ds/shared/lib/libplds4.so
libnspr4.so => /opt/fedora-ds/shared/lib/libnspr4.so
libc.so.6 => /lib64/tls/libc.so.6 (0x0000002a95dad000)
libsoftokn3.so => /opt/fedora-ds/shared/lib/libsoftokn3.so
libpthread.so.0 => /lib64/tls/libpthread.so.0
libdl.so.2 => /lib64/libdl.so.2 (0x0000002a96251000)
University of Colorado, Boulder
> -----Original Message-----
> From: fedora-directory-users-bounces(a)redhat.com
> [mailto:firstname.lastname@example.org] On Behalf
> Of fedora-directory-users-request(a)redhat.com
> Sent: Friday, July 21, 2006 10:00 AM
> To: fedora-directory-users(a)redhat.com
> Subject: Fedora-directory-users Digest, Vol 14, Issue 22
> Today's Topics:
> 1. Can't start console (Diana Shepard)
> 2. Re: Can't start console (Richard Megginson)
> 3. Re: Can't start console (brian)
> Message: 1
> Date: Thu, 20 Jul 2006 16:02:18 -0600
> From: "Diana Shepard" <Diana.Shepard(a)cusys.edu>
> Subject: [Fedora-directory-users] Can't start console
> To: <fedora-directory-users(a)redhat.com>
> Content-Type: text/plain; charset="us-ascii"
> I have Fedora DS v1.0.2 installed on Linux AS v. 4, 64-bit.
> I get the following when I try /opt/fedora-ds/startconsole.
> The libjss3.so file does indeed exist. I tried setting and exporting
> to no avail. What the heck does it want?
> [root@ldap2 fedora-ds]# ./startconsole
> Exception in thread "main" java.lang.UnsatisfiedLinkError:
> /opt/fedora-ds/lib/libjss3.so: /opt/fedora-ds/lib/libjss3.so:
> cannot open shared object file: No such file or directory
> at java.lang.ClassLoader$NativeLibrary.load(Native Method)
> at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1560)
> at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1485)
> at java.lang.Runtime.loadLibrary0(Runtime.java:788)
> at java.lang.System.loadLibrary(System.java:834)
> actory(Unknown Source)
> n Source)
> at com.netscape.management.client.console.Console.main(Unknown
> Diana Shepard
> University of Colorado, Boulder
> University Management Systems
I've been reading about LDAP for the last couple of years, and finally
got to start planning an implementation.
I've settled for a pretty simple config, where I would put user info
(Unix), Samba and general user info on LDAP for starters (future plans
are SSH public keys and host-based access rules).
But... I'm feeling like I'm drowning. I've read the O'Reilly book, and
I've googled my behind off.
And so far I have found that LDAP is like Perl, there is no ONE way of
I've read the white papers at redhat.com, and managed to get SMB
authentication to work, but the one thing that keeps bugging me is this:
Do I have to write my own data entry interface?
I had hoped to let the people at HR do the data entry on the "soft"
information, while the operations people do the "hard" information.
I hoped FDS would have something I could use, but I'm unable to figure
out if it has a web interface or if it must be entry via the X-Windows
I'm sorry to be so whiny :)..and yes I'll have some cheese later, but
please, anyone throw me a friggin' bone here :)
As an attempt to compromise between the users who want the old layout
and those who want an FHS style layout, I propose having the package do
both. That is, the files would be put on disk under /opt/fedora-ds,
then symlinks would be created to those files and directories to
correspond to the FHS layout.
For example, /var/log/fedora-ds/slapd-instance/access would just be a
symlink to /opt/fedora-ds/slapd-instance/logs/access
/etc/fedora-ds/slapd-instance/dse.ldif would just be a symlink to
1) allows admins already familiar with the Fedora DS layout to continue to
use current tools/processes (e.g. tar up contents/restore contents,
which is much more difficult with FHS layout)
2) allows admins familiar with FHS to find files in familiar places
Hello all, quick question I am not sure about. I am trying to set up
different administrative domains for my LDAP servers. I created
ldapconfig.domain.com which contains dc=ldapconfig,dc=domain,dc=com and
o=NetscapeRoot for my configuration servers, which are load balanced in
master-master configuration on server1 and server2. When I click on
configdirectory.domain.com the "User directory host and port" are set to
server1.domain.com:389. Are there any problems setting it to
configdirectory.domain.com which resolves to my load balancer and sends
requests to both servers? I've tested authentication with server1 down
then with server2 down, and they work fine and re-sync when the other
one is back online. I wasn't sure if this setting is just for a
I've just installed Fedora DS 1.0.2 on Red Hat Enterprise 4 with Java
Runtime RPM jre-1.5.0_07 installed.
I go into the GUI console and bring up the Directory. When I select a
user in the 'people' OU and right click, then select 'manage password
policy' -> 'User' -> 'For User..' I get a popup window, blank except two
bars at right angles to each other in the middle of the window and a
'close' button in the lower right corner.
This happens regardless of which user I select or if I select the parent
OU, right click and choose 'For subtree..'.
Is this a glitch in the GUI or have I missed something?
Can someone please tell me if I have this right?
1) Create certs for FDS server.
2) Export servercerts on FDS.
3) Install Active Directory and certificate services (Enterprise Root CA)
4) Set up Active Directory for SSL (tested with ldp.exe)
5) Export AD cert, import into FDS
6) Install PassSync, import servercerts from FDS
7) Test ldapsearch over SSL to AD.
I have just upgraded to Windows server 2003 R2 and I can't get SSL from FDS to AD working again.
I get this error.
../shared/bin/ldapsearch -Z -P . -h ad-server -p 636 -D "cn=administrator,cn=users,dc=xxx,dc=xxx,dc=xxx" -w - -s sub -b "cn=users,dc=xxx,dc=xxx,dc=xxx" "cn=*" -v
ldap_simple_bind: Can't contact LDAP server
SSL error -8179 (Peer's Certificate issuer is not recognized.)
Thanks in advance.
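
Error -8179 is reported when the client cannot chain the server's certificate to a CA it recognizes, so one thing to check is the trust flags of the AD CA certificate in the certificate database that `-P .` points to. The following is an added example, not part of the original post: it parses `certutil -L` style output, and the nicknames and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether a CA nickname in a `certutil -L` listing is
# trusted to issue SSL server certificates (flag "C" in the first trust field).

# Constructed sample listing; the nicknames are assumptions, not from the post.
SAMPLE_LISTING='Certificate Nickname                         Trust Attributes
                                             SSL,S/MIME,JAR/XPI

Server-Cert                                  u,u,u
AD Enterprise Root CA                        CT,,
Old AD Root CA                               ,,'

# ca_ssl_trusted NICKNAME   (listing is read from stdin)
# exit 0 = present and trusted for SSL
# exit 1 = present, but the SSL trust field lacks "C"
# exit 2 = nickname not in the listing
ca_ssl_trusted() {
    awk -v want="$1" '
        # Certificate rows end in three comma-separated flag fields.
        NF >= 2 && $NF ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ {
            flags = $NF
            name = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", name)   # drop the trust column
            sub(/^[ \t]+/, "", name)                # drop leading blanks
            if (name == want) {
                split(flags, f, ",")                # f[1] is the SSL field
                found = 1
                trusted = (f[1] ~ /C/)
            }
        }
        END { if (!found) exit 2; exit (trusted ? 0 : 1) }
    '
}

# Demonstration on the constructed listing. Against a real database the
# listing would come from:  certutil -L -d <cert db directory>
for n in "AD Enterprise Root CA" "Old AD Root CA"; do
    if printf '%s\n' "$SAMPLE_LISTING" | ca_ssl_trusted "$n"; then
        echo "$n: trusted to issue SSL server certificates"
    else
        echo "$n: missing or not trusted for SSL"
    fi
done
```
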
I'm trying to configure Fedora Directory Server as a back-end to Samba
3.x and I've succeeded in doing that with just one exception.
There seems to be a security mechanism that prevents users from changing
their passwords over non-SSL/TLS connections. (and gives the following
error: "Operation requires a secure connection")
I'm assuming this can be specified somewhere on the administrative
console so instead of wasting days looking I thought this would be a
good place to ask this question :)
Bottom line, how do I disable the security check that demands a TLS/SSL
connection in order to change passwords?
I am running fedora-ds-1.0.2-1 on CentOS 4 which I installed from a
binary rpm. I can't see the checkbox to enable SNMP in the SNMP config
tab - I can see the fields to fill in but there is no checkbox as per
the documentation - does this mean that it wasn't compiled with SNMP
support? The MIB and agent etc. are all present and I have the
ldap-agent subagent running ...
NOPS Systems Architect
310 401 0407
I was wondering if the underlying database names would clash.
e.g. eu.example.com being on 1 server in userRoot while on the other
server na.example.com is in the userRoot database. That's what I'm
trying and I get errors
Replication error acquiring replica: no such replica Error code 6
and for the other suffix
Replication error acquiring replica: permission denied. Error code 3