Richard Megginson | 1 Dec 2005 14:59

Announcing Fedora Directory Server 1.0

We are proud to announce the release of Fedora Directory Server 1.0.

This release marks a significant milestone for the open source 
community, who now have access to the code for the console and 
administration engine as well as the previously open sourced LDAP 
engine. This release uses the Apache httpd engine as its administration 
server, and includes mod_nss - a rewrite of mod_ssl which uses the 
Mozilla NSS crypto engine. The 1.0 release, in addition to its many 
other features such as LDAPv3, Multi-Master Replication, and Windows 
Synchronization, includes support for MD5, SHA-256, SHA-384, and SHA-512 
password hashing, as well as many bug fixes. Fedora Directory Server 1.0 
furthers the evolution and democratization of open source software in 
making this powerful, enterprise proven technology available to all. It 
is a boon for developers who are now able to port the full package - 
LDAP engine, console, and admin engine - to many different platforms.

If you have used the previous version of Fedora Directory Server, we 
invite you to try our new version. If you are using another LDAP server, 
we invite you to try ours and let us know how it compares - we're always 
looking for ways to improve. Our community is already active and 
growing, and you are welcome and encouraged to join. There are many 
ways: joining the mailing lists, reporting bugs, editing documentation, 
writing scripts/patches/plug-ins, and many more.

Try it out! - http://directory.fedora.redhat.com/wiki/Download
Our home page - http://directory.fedora.redhat.com/
Join our community! - 
http://directory.fedora.redhat.com/wiki/Ways_to_contribute
mod_nss - http://directory.fedora.redhat.com/wiki/Mod_nss
Drop us a line! - fedora-directory-users@... and 

Dai Man Chan | 2 Dec 2005 16:36

Create a login account in LDAP but can only log in on some servers.

Hi all, I'm new to this mailing list :)

Just wondering: let's say I have 3 servers, say X, Y, Z, and these servers use
LDAP to manage the user login accounts (i.e. the /etc/passwd).

Is it possible to create a login account in LDAP such that this account can
only log in on servers X and Y but not Z?

Thanks

Hallvard B Furuseth | 3 Dec 2005 01:36

Re: Create a login account in LDAP but can only log in on some servers.

Dai Man Chan writes:
> Just wondering: let's say I have 3 servers, say X, Y, Z, and these servers
> use LDAP to manage the user login accounts (i.e. the /etc/passwd).
>
> Is it possible to create a login account in LDAP such that this account
> can only log in on servers X and Y but not Z?

The normal way to achieve this is to use a netgroup which lists who can
log in to Z.  This is handled in the OS, not in LDAP - though you can
use LDAP as the place to store netgroups if you wish.  (I've never tried
the latter, but see object class 'nisNetgroup' in RFC 2307 and - if you
use OpenLDAP - etc/openldap/schema/nis.schema.)

Still, at least with OpenLDAP you can use the peer's IP address in
access statements.  The access statements get cumbersome if it's more
than just a few users though.

-- 
Hallvard
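An added illustration of the netgroup check Hallvard describes (not code from the thread): it evaluates RFC 2307 nisNetgroupTriple values, including nested memberNisNetgroup references, against a (host, user) pair. The host names, user names and the per-server netgroup mapping are constructed sample data that stand in for what the OS would fetch from LDAP.

```python
import re

# Constructed sample of nisNetgroup entries as fetched from LDAP.
# Each nisNetgroupTriple is "(host,user,domain)"; an empty field is a wildcard.
# memberNisNetgroup nests another netgroup (here including a deliberate cycle).
NETGROUPS = {
    "xy-logins": {
        "nisNetgroupTriple": ["(x.example.org,alice,)", "(y.example.org,alice,)"],
        "memberNisNetgroup": [],
    },
    "z-logins": {
        "nisNetgroupTriple": ["(z.example.org,bob,)"],
        "memberNisNetgroup": ["admins"],
    },
    "admins": {
        "nisNetgroupTriple": ["(,carol,)"],   # carol on any host
        "memberNisNetgroup": ["z-logins"],    # cycle back to z-logins
    },
}

# Hypothetical mapping: which netgroup each server's login policy consults.
LOGIN_NETGROUP = {"x.example.org": "xy-logins",
                  "y.example.org": "xy-logins",
                  "z.example.org": "z-logins"}

TRIPLE = re.compile(r"^\(([^,]*),([^,]*),([^,]*)\)$")

def parse_triple(value):
    """Split "(host,user,domain)" into a 3-tuple; reject malformed values."""
    m = TRIPLE.match(value.strip())
    if not m:
        raise ValueError("malformed nisNetgroupTriple: %r" % value)
    return tuple(f.strip() for f in m.groups())

def _matches(pattern, actual):
    return pattern == "" or pattern == actual   # empty field matches anything

def netgroup_allows(netgroups, name, host, user, domain="", _seen=None):
    """True if (host,user,domain) is in netgroup `name`, following nesting
    and ignoring cycles or references to unknown netgroups."""
    _seen = set() if _seen is None else _seen
    if name in _seen or name not in netgroups:
        return False
    _seen.add(name)
    entry = netgroups[name]
    for value in entry.get("nisNetgroupTriple", []):
        h, u, d = parse_triple(value)
        if _matches(h, host) and _matches(u, user) and _matches(d, domain):
            return True
    return any(netgroup_allows(netgroups, sub, host, user, domain, _seen)
               for sub in entry.get("memberNisNetgroup", []))

def can_login(user, host, netgroups=NETGROUPS):
    return netgroup_allows(netgroups, LOGIN_NETGROUP[host], host, user)
```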

qazmlp | 5 Dec 2005 15:40

No 'masteredBy' operational attribute from openLDAP server??

If I query for the 'masteredBy' operational attribute in the openLDAP server,
I do not get any values returned. The program returns 'Decoding error'.
Does anybody have an idea about what should be configured in the server to
make it return the operational attributes?

Quanah Gibson-Mount | 5 Dec 2005 18:59

Re: No 'masteredBy' operational attribute from openLDAP server??


--On Monday, December 05, 2005 9:40 AM -0500 qazmlp 
<qazmlp1209@...> wrote:

> If I query for the 'masteredBy' operational attribute in the openLDAP server,
> I do not get any values returned. The program returns 'Decoding error'.
> Does anybody have an idea about what should be configured in the server to
> make it return the operational attributes?

Generally a search like:

tribes:~> ldapsearch -LLL -Q -h ldap -s base -b "" +
dn:
structuralObjectClass: OpenLDAProotDSE
configContext: cn=config
namingContexts: dc=stanford,dc=edu
monitorContext: cn=Monitor
supportedControl: 2.16.840.1.113730.3.4.18
supportedControl: 2.16.840.1.113730.3.4.2
supportedControl: 1.3.6.1.4.1.4203.1.10.1
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.2.826.0.1.334810.2.3
supportedControl: 1.3.6.1.1.13.2
supportedControl: 1.3.6.1.1.13.1
supportedControl: 1.3.6.1.1.12
supportedExtension: 1.3.6.1.4.1.1466.20037
supportedExtension: 1.3.6.1.4.1.4203.1.11.1
supportedExtension: 1.3.6.1.4.1.4203.1.11.3
supportedFeatures: 1.3.6.1.1.14
supportedFeatures: 1.3.6.1.4.1.4203.1.5.1

Andres Tarallo | 5 Dec 2005 19:58

Is this Wrong

I'm setting up an LDAP directory based upon OpenLDAP. In this directory I'm
loading personal names in Spanish and Portuguese. These names have
accents and special characters, specific to Spanish (á à ñ and so on).

When I do an LDAPSearch I get lines like this:
cname:: wiqu4oiywerirhwerkfh

Is this wrong? Am I overlooking something? Any help appreciated.

Andres

Quanah Gibson-Mount | 5 Dec 2005 20:16

Re: Is this Wrong


--On Monday, December 05, 2005 3:58 PM -0300 Andres Tarallo 
<tarallo@...> wrote:

> I'm setting up an LDAP directory based upon OpenLDAP. In this directory I'm
> loading personal names in Spanish and Portuguese. These names have
> accents and special characters, specific to Spanish (á à ñ and so on).
>
> When I do an LDAPSearch I get lines like this:
> cname:: wiqu4oiywerirhwerkfh
>
> Is this wrong? Am I overlooking something? Any help appreciated.

No, this simply means it was Mime::Base64 encoded, which will happen on any 
LDAP server.  Simply decode it.  Also, I suggest using the 
openldap-software@... list for questions specific to
OpenLDAP. 
And, if you searched the list archives for the OpenLDAP software list at 
<http://www.openldap.org>, you would have seen questions like this asked 
and answered many times. :)

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

Hallvard B Furuseth | 6 Dec 2005 01:45

Re: Is this Wrong

Quanah Gibson-Mount writes:
>> When I do an LDAPSearch I get lines like this
>> cname:: wiqu4oiywerirhwerkfh
>>
>> Is this wrong? I ignore something? Any help appreciated.
>
> No, this simply means it was Mime::Base64 encoded, which will happen
> on any LDAP server.  Simply decode it.

True but a bit misleading. Just for the record: It's because ldapsearch,
not the server, base64-encodes the value before displaying it.  The '::'
after the attribute name means the value is displayed base64-encoded.

> Also, I suggest using the openldap-software@... list for
> questions specific to OpenLDAP.  And, if you searched the list
> archives for the OpenLDAP software list at <http://www.openldap.org>,
> you would have seen questions like this asked and answered many
> times. :)

Yup.

-- 
Hallvard
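An added example (not code from either poster) of the point Hallvard makes about the '::' marker, which also applies to reading rootDSE output like Quanah's "ldapsearch -LLL ... +" listing earlier in the thread: a small LDIF reader that unfolds continuation lines, decodes '::' base64 values back to UTF-8 text (keeping genuinely binary values as bytes), and groups attributes per entry. The LDIF below is a constructed sample, not captured from a real server.

```python
import base64

# Constructed ldapsearch -LLL style output. The "cn::" line is what a name
# with accents looks like: the client base64-encodes any value that is not
# safe ASCII and marks it with "::". "jpegPhoto::" holds 3 constructed bytes.
SAMPLE_LDIF = """\
dn: uid=jmunoz,dc=example,dc=org
objectClass: inetOrgPerson
uid: jmunoz
cn:: Sm9zw6kgTXXDsW96
sn: Munoz
description: a long value that ldapsearch folded
  onto a continuation line
jpegPhoto:: /9j/

dn: dc=example,dc=org
objectClass: domain
dc: example
"""

def parse_ldif(text):
    """Return a list of entries, each a dict attr -> list of values.
    Continuation lines (leading space) are unfolded, '#' comments skipped,
    and 'attr:: base64' values decoded; valid UTF-8 becomes str, else bytes."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold onto the previous line
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:             # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        attr, sep, rest = line.partition(":")
        if not sep:
            raise ValueError("not an LDIF attribute line: %r" % line)
        if rest.startswith(":"):          # '::' means the value is base64
            raw = base64.b64decode(rest[1:].strip(), validate=True)
            try:
                value = raw.decode("utf-8")
            except UnicodeDecodeError:
                value = raw               # binary attribute, keep the bytes
        else:
            value = rest.strip()
        current.setdefault(attr.strip(), []).append(value)
    return entries
```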

Xavier Cabrera | 12 Dec 2005 21:28

LDAP log users

Hello every one:

Do any of you know if LDAP can do accounting like TACACS for users?

I have multiple servers and I want to have in a DB all activities of my 
LDAP-authenticated users.

Thanks for any hint!

Regards,
Xavier Cabrera.

De Leeuw Guy | 13 Dec 2005 15:34

ldapsearch question

Hi,

I created our own attribute called "homeMail":

attributeType ( 1.3.6.1.4.1.13175.1.12 NAME 'homeMail'
    SUP mail )

When I search for the attribute mail, ldapsearch also returns the attribute
homeMail.
Is it possible to bypass or get round this behaviour?

Thanks in advance
Guy

