I have successfully configured 389-DS with SSL.
I want to setup RHEL Client for the server.
I tried running:
But when I am trying to run:
ldapsearch -h 389-ds.sap.com -b "dc=im,dc=sap,dc=com" -L "objectclass=*"
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
additional info: SASL(-4): no mechanism available:
Any idea what the exact steps should be?
Am I missing anything?
The 389 team is pleased to announce the availability of Release
Candidate 4 of version 1.2.5.
NOTE: Packages for Enterprise Linux are available from EPEL. We will no
longer have a separate yum repo for these packages.
We need your help! Please help us test this software. It is a Release
Candidate, so it is fairly stable at this point. We have worked hard to
make sure upgrades from previous releases are as smooth as possible, and
we would really appreciate feedback about upgrades. The Fedora system
strongly encourages packages to be in Testing until verified and pushed
to Stable. If we don't get any feedback while the packages are in
Testing, the packages will remain in limbo, or get pushed to Stable.
The more testing we get, the faster we can release these packages to Stable.
The packages that need testing are:
* Release Notes - http://port389.org/wiki/Release_Notes
* Install_Guide - http://port389.org/wiki/Install_Guide
* Download - http://port389.org/wiki/Download
=== New features ===
None - this release is primarily to fix the bug about Active Directory
=== Bugs Fixed ===
This release contains a couple of bug fixes. The complete list of bugs
fixed is found at the link below. Note that bugs marked as MODIFIED
have been fixed but are still in testing.
* Tracking bug for 1.2.5 release -
* https://bugzilla.redhat.com/show_bug.cgi?id=537956 Password
replication from 389DS to AD2008(64bit) fails, all other replication
I have been following the link:
found it very informative as per my requirement.
What I need is further help with the same.
I have created two Location Views: Delhi and Noida.
We are the Sysadmin Team located at Delhi and Noida. We have 5 Projects under
Delhi and 6 Projects under Noida.
Under those projects we have generic users like jboss, tomcat, admin1, etc.
I am in verse to carry out the structure in my Directory Server.
Till now I only created two Location Views following exactly
Just need your suggestion how to proceed?
Do I need to again create views respective of projects like P-1 to P-5 under
I have been following http://www.linuxmail.info/install-ssl-certificate-fds/ to
Manage Certificates under 389 Management Console. I have already run
setupssl2.sh and restarted admin and directory server. Next, I can also log in
to 389 Management Console through Windows remotely.
My 389 Server is running on CentOS Linux.
I am stuck at point 6 of
http://www.linuxmail.info/install-ssl-certificate-fds/ where it asks for
Certificate Location. May I know what file it's talking about?
All I can see are these files under my /etc/dirsrv/slapd-389-ds:
[root@389-ds ~]# cd /etc/dirsrv/
[root@389-ds dirsrv]# pwd
[root@389-ds dirsrv]# ls
admin-serv config dsgw schema slapd-389-ds
[root@389-ds slapd-389-ds]# ls
adminserver.p12 dse.ldif.startOK pin.txt
cacert.asc dse_original.ldif pwdfile.txt
cert8.db key3.db schema
certmap.conf noise.txt secmod.db
dse.ldif orig-cert8.db slapd-collations.conf
Let me be brief. I have just got into 389 Management Console, which does display
both the Administrative Server and Directory Server.
Now before that, let me inform you that I have Fedora DS running on 636 port,
which means SSL is running. I downloaded a script called setupssl2.pl from
Fedora DS website and ran the script, restarted the dirsrv and admin
server. So there should be nothing to have it get displayed for 389 port, right?
But why Secure Connection under my dc=im,dc=log,dc=com is getting displayed
Do I need to manually edit the section and tick the box?
It does ask for BIND DN and password which is also BLANK.
“It is not possible to rescue everyone who is caught in the Windows
--Make sure you are on solid Linux ground before trying.”
I'm evaluating the migration of an OpenLDAP installation to
389 directory server (ca. 1200 user objects).
With OpenLDAP I can restrict client authentication to ssl/tls ldap
connections and in parallel allow anonymous (unencrypted) access to items like phone
number etc. (slapd.conf with: "security simple_bind=56")
Is there a way you can do this with 389 directory server?
I have 389-DS SSL running on my Linux machine. I can see the output:
[root@389-ds ~]# nmap -vv localhost
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2010-01-10 01:26 IST
Initiating SYN Stealth Scan against localhost.localdomain (127.0.0.1) [1680
ports] at 01:26
Discovered open port 22/tcp on 127.0.0.1
Discovered open port 636/tcp on 127.0.0.1
The SYN Stealth Scan took 0.21s to scan 1680 total ports.
Host localhost.localdomain (127.0.0.1) appears to be up ... good.
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 1678 closed ports
PORT STATE SERVICE
22/tcp open ssh
636/tcp open ldapssl
Nmap finished: 1 IP address (1 host up) scanned in 0.344 seconds
Raw packets sent: 1680 (73.920KB) | Rcvd: 3362 (141.208KB)
This shows that 636 port is open. But when I am attempting to this Linux
Server from one of Windows Desktop it says "LDAP is Down".
I selected LDAPv3 and LDAPv3, hostname and SSL/TLS, tried fetching base DN,
but it didn't work.
I have been confused by the overall new 389 DS Server setup.
All I did up to now is:
yum install 389-ds
and it did all the installation correctly.
Then, I ran:
It too went fine.
All I need is to set up 389 Server with SSL. I did go through
http://directory.fedoraproject.org/wiki/Howto:SSL but no idea how to
I am confused with the following points:
1. Do I also need to run *setup-ds-admin.pl* and *setup-ds-dsgw* too?
I tried running setup-ds-admin.pl and it got stuck at:
The server 'ldap://389-ds.sap.com:45474/o=NetscapeRoot' is not reachable.
Error: unknown error.
2. When should I run the setupssl2.sh script? After running the above
What changes do I need to make to the script?