it is possible to implement samba as PDC + FDS and it will give fully functionality like Win 2003 DC ??
$ cat ~/satish/url.txt
Forgot the famous last words? Access your message archive online. Click here.
We have a decent sized env. (1 master, 16 slaves in different
datacenters across the world) and we're trying to find a way to
effectively monitor the status of replication. When was the last
update? How many changes were made? How long did it take from start to
finish? I know you can get most of this information from the gui, but
we need to tie it in to our monitoring application. Is this
information stored in a db anywhere? In ldap itself? Any insight would
Thanks in advance!
I am trying to track down the cause of some errors that have been occurring
on a number of our servers using LDAP. We have noticed that when a certain
LDAP group exceeds 65 users we begin seeing glibc errors for users in the
group. Users that are not in the group do not exhibit this behavior.
We have seen this issue on machines running Centos 4.5 x86 & x86_64 with
glibc-2.3.4-2.36 and RH4 x86_64 running glibc-2.3.4-2.25. We are running
Fedora Directory Server 1.0.4 on Centos 4.5. We have added a 3rd FDS slave
and turned up debugging but have not seen anything that appears to be
relevant in the logs on the 3rd slave.
This problem is not a 65 user limit as we have other groups with well over
65 members that do not display this behavior. We also created a new group
with identical users and it did not display this problem.
1) With 66 users in the massweb group
[root@megalon ~]# getent group massweb
*** glibc detected *** free(): invalid next size (normal): 0x09a225b0 ***
2) After removing any user from the massweb group to reduce the total
members to 65
[root@megalon ~]# getent group massweb
Has anyone encountered a similar problem? Any suggestions would be most
I'm trying to compile FDS 1.0.4 on a 280R running Solaris 8. After getting
all of the prerequisites installed (gnu make, apr, ant, sun workshop
compiler, etc) I started following the directions located here:
I created my ldap directory, and downloaded the mozilla components tarball
I successfully compiled NSS via 'gmake nss_build all'
I successfully compiled SVRCORE
Next, I attempted to compile LDAPSDK (mozilla/directory/c-sdk) but I get a
File not found error when it tries to link libatomic.o.
About the only thing I've been able to learn from a few hours of google is
that it appears that libatomic.o should come from NSPR, which, in theory,
was compiled during the gmake nss_build_all according to the build
documentation. Unfortunately, I cannot find libatomic.o anywhere on the
Is there a way to get past this problem? Am I crazy for expecting this to
compile on solaris even though solaris support is listed? Is there a better
build guide I should be following?
I've copied the compile errors below, in case it helps anyone see what's
going on. Any help that can be provided is greatly appreciated!
======= making ./libldap60.so
gcc -shared -Wl,-soname -Wl,libldap60.so -f libatomic.so -o
libldap60.so./abandon.o ./add.o ./bind.o ./cache.o ./charray.o
./compat.o ./control.o ./countvalues.o ./delete.o ./disptmpl.o ./dsparse.o
./error.o ./extendop.o ./free.o ./freevalues.o ./friendly.o ./getattr.o
./getdn.o ./getdxbyname.o ./getentry.o ./getfilter.o ./getoption.o
./getvalues.o ./memcache.o ./message.o ./modify.o ./open.o
./os-ip.o./proxyauthctrl.o ./psearch.o ./pwmodext.o ./referral.o
./request.o ./reslist.o ./result.o ./saslbind.o ./sbind.o ./search.o
./setoption.o ./sort.o ./sortctrl.o ./srchpref.o ./tmplout.o ./ufn.o
./unbind.o ./unescape.o ./url.o ./utf8.o ./vlistctrl.o ./saslio.o
gcc: libatomic.so: No such file or directory
gmake: *** [libldap60.so] Error 1
gmake: Leaving directory
gmake: *** [export] Error 2
I've succesfully installed fds and passync msi on windows AD. I admit
that some probem have arisen since documentation is a bit poor on SSL
part, especially on AD, but then finally I was able to make things
I'm facing an odd problem that I'm not able to understand, but
probably already discussed on the list.
I'm able to take in sync password in AD and FDS when I change
password from AD, but not viceversa. Really from Windows event log
things seem go right: it tell me that pasword has been succesfully
updated (passwd is issued from linux). But that stored password is
somewhat different . Could be an encryption problem ? Any hints ?
Paolo Barbato email: mailto:email@example.com
Network Administrator phone: (39-049)-829-5097
Corso Stati Uniti,4 www: http://www.igi.cnr.it
35127 Camin-Padova PGP:
ITALY JabberID: rfx_paolo_barbato(a)messenger.efda.org
I work for a University where Microsoft and Unix/Linux products are both
heavily present. We currently have both MS Active Directory servers and
OpenLDAP servers. We are currently looking at upgraded both of these
Currently we store all the user's passwords in LDAP (encrypted). Using
the "Windows Sync" feature of Fedora DS, is there a way to push the
encrypted passwords into Active Directory? Or is it only a AD -> LDAP
Thanks in advance,
KEAS Authentication/Directory Engineer
Kansas State University
I am having an issue that may be related to multi-master replication,
or it may be related to a non viewable ascii value in an attribute.
We have a custom schema. We have a multivalued attribute
this attribute has three values inside it.
My goal is to remove the trailing white space. Which may be a space or
a weird character.
I have tried deleting the individual values and re-adding them.
I attempted to delete the entire attribute and re-add.
The value keeps appearing like so.
Any ideas on how to clean this up. We do thousands of add and remove
operations a day and this has happened a few times.
A while ago there was a discussion here about dynamic groups and the
fact that the client(s) needs to handle this.
I've been working with RHDS in combination with HP's LDAP-UX, where the
client side of LDAP-UX does something smart to get dynamic groups
working as posix groups, which is really really cool. Essentially, you
get dynamic posix groups and a getent group (or grget on hp-ux) return
the group including all dynamic (memberURL) and static (memberuid)
members of a group.
I'm trying to get a conclusive answer about if this is possible under
linux. I thought pam_member_attribute would come to the rescue in this
case, but that does not seem to work.
So: is it possible to have dynamic members in a posix group under linux
using nss_ldap and pam_ldap so a "getent group" returns dynamic members?
If not, is there somebody working on it? or maybe even a commercial
I have five servers with FDS 1.0.4 and I would like to use multimaster
replication in those servers.
I know that there is some kind of limit for the number of servers in MMR,
four servers is the maximun if I remember correctly.
So, can I add replication agreements to five servers, is there a hardcoded
limit for four servers or what? What happends if I add those agreements?