I am getting "PSET failure: PSET attribute creation or local cache
update failed" when I try to enable SSL for admin server using the
I have used it in the past without issues and now for some reason I get
this error after doing a re-install of fds.
I used the SSL script from the fds site to generate the certs.
Admin server log has this error:
[error] SSL Library Error: -12271 SSL client cannot verify your certificate
Any help is highly appreciated.
We have an admin user which we use to connect to the LDAP management console. However, we have started getting the error "49, password expired; invalid credentials" since yesterday.
How can we make this user log in to the management console again?
Thanks for your answer, Patrick!
The problem is that I cannot change the search algorithm. I am trying to use pGina with the LDAP Auth module at the enterprise. The LDAP Auth plugin has parameters that allow assigning the user to a certain group on a workstation. The parameters userOK0-255 and adminOK0-255 are used for this purpose, and they require the property groupMembership to be present in the schema of the user.
A quotation from the LDAP Auth plugin documentation:
"If you do searching, uid (indicating a unique, alphanumeric username,
not a Unix number) is required unless you change the filter. For the
binds, it literally attempts a bind with username,
so bracket the username with whatever you call these attributes.
For userOK and adminOK, the user class must support the attribute
groupMembership as the user will be queried, not the group. If your
users have full control over their own attributes, this is not secure.
If your directory does not implement this, and instead requires
querying the group, support for that is not yet written (and may never
be as it is somewhat silly)."
It is possible to replace the groupMembership property (I mean its name) with another one.
>In that case you're probably looking at two lookups: one to get the dn of the user, and a second to check for groups that have the dn as a
I had to restore my database. It's a single master environment with
replicas. I re-initialized my replicas. Everything seems fine, except I
cannot delete an entry. I can add new entries, modify entries, etc., but
I get error #1.
from the access log:
[07/May/2007:14:45:57 -0400] conn=833108 op=1 RESULT err=1 tag=107
nentries=0 etime=0 csn=463f73e5000000020000
at the command line:
ldap_delete: Operations error
There is no message in the errors log file.
>That depends how your groups are set up. Do they contain UIDs or DNs?
Groups contain the DNs of their member users.
For example, there is a group GIS with two member users:
uid=ProbnyIv, ou=GIS, dc=mup-example, dc=vrn, dc=ru
uid=PukOl, dc=mup-example, dc=vrn, dc=ru
These DNs are written in the uniqueMember property.
The properties of users uid=ProbnyIv and uid=PukOl contain no information about which groups they belong to. Is it possible to find this out somehow by querying the properties of the user?
>On Mon, 2007-05-07 at 20:52 +0400, Сафонов Алексей wrote:
>> How can I find out which FDS groups a user belongs to, using only the properties of the user?
>> I have not found such a property.
>> It is only possible to look in the properties of a specific group.
>> But I need to create a query using only (uid = <user>)...
How can I find out which FDS groups a user belongs to, using only the properties of the user?
I have not found such a property.
It is only possible to look in the properties of a specific group.
But I need to create a query using only (uid = <user>)...
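The two-lookup approach mentioned in the quoted reply, as an added example that is not part of the original posts: membership is read from the group's uniqueMember values (not from an attribute the user may be able to edit), and the user-supplied uid is escaped before it goes into a filter. The directory is a constructed in-memory stand-in; the group DN `cn=GIS,...` and all function names are assumptions.

```python
# Constructed sample data. User DNs are the ones quoted in the thread;
# the group DN is hypothetical.
GROUP_DN = "cn=GIS,dc=mup-example,dc=vrn,dc=ru"
USERS = {
    "ProbnyIv": "uid=ProbnyIv, ou=GIS, dc=mup-example, dc=vrn, dc=ru",
    "PukOl": "uid=PukOl, dc=mup-example, dc=vrn, dc=ru",
}
GROUPS = {GROUP_DN: ["uid=ProbnyIv,ou=GIS,dc=mup-example,dc=vrn,dc=ru",
                     "UID=PukOl, DC=mup-example, DC=vrn, DC=ru"]}


def escape_filter_value(value):
    """Escape RFC 4515 special characters so input cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def normalize_dn(dn):
    """Simplified comparison form: trim spaces and lowercase each RDN.
    Does not handle escaped commas or multi-valued RDNs."""
    rdns = []
    for rdn in dn.split(","):
        attr, _, val = rdn.partition("=")
        rdns.append(attr.strip().lower() + "=" + val.strip().lower())
    return ",".join(rdns)


def user_filter(uid):
    """Filter for lookup 1: find the user's entry (and so its DN)."""
    return "(uid=%s)" % escape_filter_value(uid)


def group_filter(user_dn):
    """Filter for lookup 2: groups that list the DN as uniqueMember."""
    return ("(&(objectClass=groupOfUniqueNames)(uniqueMember=%s))"
            % escape_filter_value(user_dn))


def groups_of(uid):
    """Run both lookups against the in-memory stand-in directory."""
    user_dn = USERS.get(uid)        # a real client would search with user_filter(uid)
    if user_dn is None:
        return []
    wanted = normalize_dn(user_dn)  # a real client would search with group_filter(user_dn)
    return sorted(g for g, members in GROUPS.items()
                  if wanted in {normalize_dn(m) for m in members})


if __name__ == "__main__":
    print(user_filter("ProbnyIv"), group_filter(USERS["ProbnyIv"]), groups_of("ProbnyIv"))
```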
Is there a HowTo available for the following:
Windows XP Home PC
eComStation (OS/2 Warp 4)
Fedora Core 6 Client
A General Tutorial
I'm new to this and I'd like to get out of having to maintain security on
all of my machines individually.
I have got SSL set up and working, but I have not figured out how I
can require that users only connect through a secure connection (SSL
or TLS) and deny access to cleartext communication.
I was able to do this with OpenLDAP, but it was done in the slapd.conf
file. I have not found any documentation on how to set it up or if it
is even possible with FDS.
Is there any doc or does anyone have any information on how to do this?
I can change an LDAP account's password through the FDS console. The change will sync
to my AD soon, and then I can log on to the Windows system successfully with new
And if I do the same work by using the "passwd" command in Linux, the change
will still happen in the LDAP server (so I can log on to the Linux system) and sync to
AD successfully, but I'll fail to log on to the Windows system with any password,
whether new or old. What's the possible cause for this? Please help,
thanks a lot.
Joe Yu, Taiwan
My winsync function works fine except for the ntuseracctexpires attribute of the ntuser
object. When I set up "Account Expiration Date" in the "NT User" tab of FDS, I
get something like "200706071023".
It's very different from the format in AD (the accountExpires attribute will
look like "128257056000000000"). Then, after this change syncs from
FDS (ntuseracctexpires) to AD (accountExpires), I find the Windows system will
consider the user already expired, even if I set the expiration date far
away from today. Can anyone tell me how to solve this problem? Thanks a lot!
Joe Yu, Taiwan
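The two value formats in the post above, decoded side by side (an added example, not code from the original post or from FDS). AD's accountExpires is a Windows FILETIME, a count of 100-nanosecond intervals since 1601-01-01 UTC, where 0 and 0x7FFFFFFFFFFFFFFF mean "never expires"; reading the console string as YYYYMMDDhhmm in UTC is an assumption, and the function names are hypothetical.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
NEVER_EXPIRES = (0, 0x7FFFFFFFFFFFFFFF)  # AD sentinel values for "no expiry"


def filetime_to_datetime(value):
    """Decode an accountExpires integer; None means the account never expires."""
    if value in NEVER_EXPIRES:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=value // 10)


def datetime_to_filetime(when):
    """Encode a timezone-aware datetime as 100 ns ticks since 1601-01-01 UTC."""
    if when.tzinfo is None:
        raise ValueError("naive datetime: time zone must be explicit")
    delta = when - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def parse_console_value(text, tz=timezone.utc):
    """Assumption: the console string is YYYYMMDDhhmm in the given zone."""
    return datetime.strptime(text, "%Y%m%d%H%M").replace(tzinfo=tz)


def is_expired(filetime, now):
    """True if the FILETIME names a moment at or before 'now'."""
    when = filetime_to_datetime(filetime)
    return when is not None and when <= now


if __name__ == "__main__":
    now = datetime(2007, 5, 7, tzinfo=timezone.utc)  # constructed "today"
    # The AD value quoted in the post:
    print(filetime_to_datetime(128257056000000000), is_expired(128257056000000000, now))
    # The console string converted properly:
    proper = datetime_to_filetime(parse_console_value("200706071023"))
    print(proper, is_expired(proper, now))
    # The same digits read directly as a FILETIME land in the year 1601:
    print(filetime_to_datetime(200706071023), is_expired(200706071023, now))
```

Comparing the integer actually stored in accountExpires against these three outputs shows which interpretation the directory ended up with.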