The name PassSync would indicate that this utility synchronizes
passwords, can anything else be sync'd? I need to be able to sync all of
the following: users, groups, systems, email addresses, and passwords, etc.
Can PassSync do all that? If not is there another utility you might
recommend, either using FDS or not?
This is a very beginner question, sorry if already answered (I didn't find it
I am trying to change a password using a very basic PHP script, binding with
user credentials and then modifying the password; I always get an error for not
having enough rights to do it:
Warning: ldap_mod_replace() [function.ldap-mod-replace]: Modify: Insufficient
access in change_password.php on line ...
I bind using the user DN and password:
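$ldapServer = '192.168.1.1';
$ldapBase = 'dc=example,dc=com';
$ldapDn = 'uid';
$ldapUid = 'ttest';
$ldapOU = 'ou=People';
// Full DN of the user: uid=ttest,ou=People,dc=example,dc=com
$ldaprdn = $ldapDn . '=' . $ldapUid . ',' . $ldapOU . ',' . $ldapBase;
$ldappass = 'password';
$ldapConn = ldap_connect($ldapServer);
// The protocol version has to be set before binding
ldap_set_option($ldapConn, LDAP_OPT_PROTOCOL_VERSION, 3);
// Bind as the user whose password is being changed
$ldapBind = ldap_bind($ldapConn, $ldaprdn, $ldappass);
// Placeholder: the post does not show how $entry was built
$entry = array('userPassword' => 'newpassword');
$result = ldap_mod_replace($ldapConn, $ldaprdn, $entry);
if ($result) echo "Password changed!"; else echo "There was a problem!";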
What I think is that I am missing something like this:
access to attr=userPassword
by self write
by anonymous auth
by * none
Should I insert an ACI like this?
Any insight or suggestions?
Error adding a machine to the domain.
What should I do?
The generated error is:
[root@plank ~]# /usr/sbin/smbldap-useradd -w "teste$"
Error: Insufficient 'write' privilege to the 'uidNumber' attribute of
Currently, I'm doing all my lab testing using Fedora Directory
Server 1.0.4 under RHES4 Advanced Server, but once all the lab tests are
done we are going to purchase RHDS (it's too expensive to buy a RHDS
copy only to do lab testing right now).
Does anyone know if there are any technical differences between
FDS and RHDS? Are there known technical limitations in RHDS that FDS
doesn't have or vice versa?
André Luís Lopes
In my fedora-ds the following error is shown when I try to create an account (people or machine account). I searched Google and the fedora-ds forum and did not find anything that could solve the problem. Any tips to help me?
[root@plank samba]# /usr/sbin/smbldap-useradd -t 5 -n -d /dev/null -s /bin/false -w "teste$"
Error: Insufficient 'write' privilege to the 'uidNumber' attribute of entry 'sambadomainname=aaaaa,dc=xxx,dc=yyy,dc=zz'.
First of all, I would like to tell you all that this is my very
first message to this mailing list so please be patient with me for a
while and sorry for the possibly dull questions.
Also, it's important to let you guys know that I already learnt a
lot only by searching the list archives. Thanks :-) I tried each and
every bit I found online (be it by reading the enormous amount of
documentation under http://directory.fedoraproject.org/ or by reading
the mailing list archives) and couldn't get Windows Sync using SSL to
What I have now :
1) Fedora Directory Server 1.0.4 running under a Red Hat Enterprise
Linux 4 Advanced Server Update 5, installed from the
fedora-ds-1.0.4-1.RHEL4.i386.opt.rpm package. This host is named
2) Windows Server 2003 Enterprise Edition running a locally Active
Directory set up only for testing. This host is named adserver.aw2.local.
I already installed PassSync (from
the Windows Server 2003 and already have it configured to use the
following information :
Host name : fds.aw2.local
Port number : 636
User name : uid=replication, cn=config
Password : 123456
Cert Token : 123456
Search base : dc=aw2, dc=local
uid=replication is a user I added to FDS, under cn=config. Cert
token is the correct certificate token and search base is the correct
search base as well.
I can create a Windows Sync Agreement and have it doing
synchronization both from AD to FDS and from FDS to AD, but only when
using a non-SSL connection. But, in this case, as you all know, I don't
get users' passwords synchronized.
I think I got both AD and FDS SSL setup right as I can use "Active
Directory Administration Tool (ldp.exe)" to connect to AD on port 636
(SSL) correctly and I can use an ldapsearch from the FDS machine to the
FDS directory using SSL correctly as well.
The only problem I'm getting is whenever I try to set up a Windows
Sync Agreement using SSL I get the following error message on my FDS
LDAP error log (/opt/fedora-ds/slapd-fds/logs/error, in my case) :
[18/May/2007:08:52:40 -0300] NSMMReplicationPlugin - agmt="cn=sync"
(adserver:636): Simple bind failed, LDAP sdk error 81 (Can't contact
LDAP server), Netscape Portable Runtime error -8179 (Peer's Certificate
issuer is not recognized.)
I have the following configured regarding certificates in the AD
host ("certutil.exe -d . -L" output running from C:\Program Files\Red
Hat Directory Password Synchronization\) :
CA certificate CT,C,C
Isn't this certificate database the one which is being used when a
Windows Sync Agreement is set up ? Anyway, I already also tried the
1) Import the FDS certificate using :
/opt/fedora-ds/shared/bin/pk12util -d . -P slapd-fds- -o servercert.pfx
2) Import it into AD certificate snap-in in Windows Microsoft Management
Console and reboot.
No luck with this also. I have read and re-read every single bit of
documentation I could find about the topic and I have no problem reading
more if you guys ask me to RTFM. Just point me to the "fine" manual :-)
André Luís Lopes
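Added example, not part of the original message and not Fedora DS code: a small Python triage script for replication bind failures like the one quoted above. It re-joins wrapped error-log entries and uses the NSPR/NSS code to separate certificate-trust failures from network or credential failures, since LDAP error 81 on its own hides the TLS cause. The second log record, the category labels and the function names are constructed for illustration.

```python
import re

# Constructed input. Record 1 is the error-log entry quoted in the message above,
# wrapped the same way; record 2 is a made-up non-TLS failure for contrast.
SAMPLE_LOG = """\
[18/May/2007:08:52:40 -0300] NSMMReplicationPlugin - agmt="cn=sync"
(adserver:636): Simple bind failed, LDAP sdk error 81 (Can't contact
LDAP server), Netscape Portable Runtime error -8179 (Peer's Certificate
issuer is not recognized.)
[18/May/2007:09:01:02 -0300] NSMMReplicationPlugin - agmt="cn=sync2" (adserver:389): Simple bind failed, LDAP sdk error 49 (Invalid credentials), Netscape Portable Runtime error 0 (unknown)
"""

BIND_FAILED = re.compile(
    r'^\[(?P<ts>[^\]]+)\] NSMMReplicationPlugin - agmt="(?P<agmt>[^"]+)" '
    r'\((?P<host>[^:)]+):(?P<port>\d+)\): Simple bind failed, '
    r'LDAP sdk error (?P<ldap>-?\d+) \(.*?\), '
    r'Netscape Portable Runtime error (?P<nspr>-?\d+) \(.*\)$')

NSS_NAMES = {-8179: "SEC_ERROR_UNKNOWN_ISSUER"}  # the code seen in the post

def records(text):
    # Re-join wrapped entries: a new record starts with '[timestamp]'.
    current = []
    for line in text.splitlines():
        if line.startswith("[") and current:
            yield " ".join(current)
            current = []
        if line.strip():
            current.append(line.strip())
    if current:
        yield " ".join(current)

def classify(ldap_err, nspr_err):
    # NSS reserves -0x2000..+1000 for SEC_ERROR_* and -0x3000..+1000 for SSL_ERROR_*.
    if -0x2000 <= nspr_err < -0x2000 + 1000:
        return "tls-certificate"  # peer certificate rejected by the local trust store
    if -0x3000 <= nspr_err < -0x3000 + 1000:
        return "tls-handshake"
    return {49: "credentials", 81: "network"}.get(ldap_err, "other")

def triage(text):
    findings = []
    for rec in records(text):
        m = BIND_FAILED.match(rec)
        if m:
            ldap_err, nspr_err = int(m["ldap"]), int(m["nspr"])
            findings.append({"agmt": m["agmt"], "host": m["host"], "port": int(m["port"]),
                             "ldap": ldap_err, "nspr": nspr_err,
                             "nss_name": NSS_NAMES.get(nspr_err),
                             "category": classify(ldap_err, nspr_err)})
    return findings
```

A "tls-certificate" finding means the side that wrote the log did not accept the peer's certificate chain, so the place to look is that side's certificate database rather than the network path or the bind credentials.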
Am switching over from OpenLDAP to Fedora DS.
The Java code that was creating user entries in OpenLDAP isn't working with
Fedora DS and I thought perhaps the reason would be obvious to someone out there.
This is what was working with OpenLDAP:
dirContext = new InitialDirContext(anonymousEnv);
// need to be administrator to do this
// ref: RFC 2798
// the inetOrgPerson represents people who are associated with an organization in some way.
// mandatory attributes for inetOrgPerson are: cn, objectClass, sn
Attribute ocAttr = new BasicAttribute("objectClass", "top");
// create the attribute set
Attributes attrs = new BasicAttributes(true); // as LDAP attribute names are case-insensitive
attrs.put("sn", username); // not relevant but mandatory and can't put "" in there
// create entry in directory
logger.debug("About to create subcontext: "+dn);
accountContext = dirContext.createSubcontext(dn, attrs);
Error I'm getting with Fedora DS at the last line of that code is:
javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
Have tried with ldapadd from the command line to create a user entry with all the same values and
that works ok, so I'm a bit puzzled why the code doesn't work here.
If anyone has any ideas, would appreciate them.
> > For instance, can I *upgrade* the slave to a master, and then
> > replicate to the *old* master (once I have
> > reinstalled/rebuilt it). Or maybe simply dump the slaves data
> > to LDIF and then re-import into the *old* master.
> > Does that make any sense??? Just wondered if there was a
> > quick way of using the secondary to accomplish this, before I
> > start sifting through tapes...
> I've done this before -- you can go into the server's
> replication settings and set it to be a master, and then
> initialize the consumer to re-replicate. Works fine.
Thanks Patrick, I tested this with a copy of my slave FDS instance on a
VMware box first and it worked fine.
Did it again on the *real* slave server and all is well. Once again, I
have master and slave FDS boxes, without having to resort to using my
Linux System Administrator
So, I keep doing a clean install of fds 1.0.4 on a rhel4 box, and it
fails. I'm trying to set up a replica. It connects to the master
configuration server. In fact, the entire setup script goes swimmingly
and all looks fine. Then:
Created new Directory Server
Start Slapd Starting Slapd server configuration.
Success Slapd Added Directory Server information to Configuration Server.
Configuring Administration Server...
Setting up Administration Server Instance...
ERROR: Administration Server configuration failed.
You can now use the console. Here is the command to use to start the
And the result is a non-functioning console. Any ideas?