Discussion:
[389-users] Getting started with 389 DS
harry.devine
2010-10-22 20:12:34 UTC
I just installed 389 DS on a laptop running CentOS 5.4 to start getting
familiar with it. I got it installed correctly (answered all of the
questions in the setup-ds-admin.pl script, verified that the dirsrv and
dirsrv-admin services are running), but when I run the 389-console, I
can't log in. I'm entering the username and password that I used in the
setup script, but I keep getting "Cannot login because of an incorrect
User ID, incorrect password, or Directory problem.
java.io.InterruptedIOException: HTTP response timeout".

What am I doing wrong? I'm trying to follow the docs at
http://directory.fedoraproject.org/wiki/Documentation but they seem to
jump all over the place. I did find a tutorial at
http://www.linuxmail.info/389-directory-server-setup-howto-centos-5/, but
I'm stuck at the first step under "Administering 389 Directory Server". Do
I have to reinstall the 389 DS? Is there a place that I can clear
out/reset the admin password to get in?

Thanks,
Harry

Harry Devine
Common ARTS Software Development
AJT-144
(609)485-4218
Harry.Devine at faa.gov
Rich Megginson
2010-10-22 20:31:27 UTC
harry.devine at faa.gov wrote:
>
> I just installed 389 DS on a laptop running CentOS 5.4 to start
> getting familiar with it. I got it installed correctly (answered all
> of the questions in the setup-ds-admin.pl script, verified that the
> dirsrv and dirsrv-admin services are running), but when I run the
> 389-console, I can't log in. I'm entering the username and password
> that I used in the setup script, but I keep getting "Cannot login
> because of an incorrect User ID, incorrect password, or Directory
> problem. java.io.InterruptedIOException: HTTP response timeout".
Check the logs - what is in /var/log/dirsrv/admin-serv/error?
/var/log/dirsrv/slapd-YOURINSTANCE/errors?
/var/log/dirsrv/slapd-YOURINSTANCE/access?

You can also run the console with -D 9 -f console.log to get more
verbose output
>
> What am I doing wrong? I'm trying to follow the docs at
> http://directory.fedoraproject.org/wiki/Documentation but they seem to
> jump all over the place. I did find a tutorial at
> http://www.linuxmail.info/389-directory-server-setup-howto-centos-5/,
> but I'm stuck at the first step under "Administering 389 Directory
> Server". Do I have to reinstall the 389 DS? Is there a place that I
> can clear out/reset the admin password to get in?
harry.devine
2010-10-25 12:16:19 UTC
I don't have anything in the error log file show up when I try to log in.
I get the following when I try to log in using the -D 9 -f switches that
you mentioned:

CommManager> New CommRecord (http://localhost:9830/admin-serv/authenticate)
http://localhost:9830/[1:0] open> Ready
http://localhost:9830/[1:0] accept> http://localhost:9830/admin-serv/authenticate
http://localhost:9830/[1:0] send> GET \
http://localhost:9830/[1:0] send> /admin-serv/authenticate \
http://localhost:9830/[1:0] send> HTTP/1.0
http://localhost:9830/[1:0] send> Host: localhost:9830
http://localhost:9830/[1:0] send> Connection: Keep-Alive
http://localhost:9830/[1:0] send> User-Agent: 389-Management-Console/1.1.3
http://localhost:9830/[1:0] send> Accept-Language: en
http://localhost:9830/[1:0] send> Authorization: Basic \
http://localhost:9830/[1:0] send> YWRtaW46bW9uNXNsaWNr \
http://localhost:9830/[1:0] send>
http://localhost:9830/[1:0] send>
http://localhost:9830/[1:0] recv> interrupted
http://localhost:9830/[1:0] error> java.io.InterruptedIOException: HTTP response timeout
http://localhost:9830/[1:0] close> Closed

I do have httpd running too. Also, I'm using "admin" as the user name,
and I know that the password is correct. I'm using "http://localhost:9830"
as the administration URL too. I tried using "cn=Directory Manager" as
the user ID like the tutorial I linked mentions, but got the same problem.

Thanks,
Harry

Harry Devine
Common ARTS Software Development
AJT-144
(609)485-4218
Harry.Devine at faa.gov
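
A -D 9 console trace records the HTTP Authorization header, and a Basic value is only the base64 form of user:password, so a trace like the one above needs scrubbing before it is shared. An added example (not part of the original post or the 389 project) that redacts the value in this trace format, including the case where the value sits on the continuation line after "Authorization: Basic \"; the sample trace and its credential are constructed.

```python
import base64
import re

# Matches an HTTP Authorization header and captures whatever follows the scheme.
AUTH_RE = re.compile(r"(Authorization:\s*(?:Basic|Digest|Bearer)\b)(.*)$", re.I)
# Splits a trace line into its "<url>[n:m] send> " prefix and the payload.
SEND_RE = re.compile(r"^(.*?\bsend>\s?)(.*)$")
MARK = "[REDACTED]"


def scrub_trace(text):
    """Return (scrubbed_text, count) with Authorization values replaced."""
    out, count, pending = [], 0, False
    for line in text.splitlines():
        if pending:
            # Previous line ended with "Authorization: <scheme> \":
            # the credential is the payload of this line.
            pending = False
            m = SEND_RE.match(line)
            prefix, payload = (m.group(1), m.group(2)) if m else ("", line)
            if payload.strip(" \\"):
                cont = " \\" if payload.rstrip().endswith("\\") else ""
                out.append(f"{prefix}{MARK}{cont}")
                count += 1
                continue
        m = AUTH_RE.search(line)
        if m:
            rest = m.group(2).strip()
            if rest.rstrip("\\").strip():
                # Scheme and value on the same line.
                cont = " \\" if rest.endswith("\\") else ""
                line = f"{line[:m.end(1)]} {MARK}{cont}"
                count += 1
            else:
                pending = True
        out.append(line)
    return "\n".join(out) + "\n", count


# Constructed sample in the shape of the trace above; the credential is made up.
SAMPLE_TOKEN = base64.b64encode(b"example-user:not-a-real-password").decode()
PREFIX = "http://localhost:9830/[1:0] send> "
SAMPLE_TRACE = "\n".join([
    PREFIX + "GET \\",
    PREFIX + "/admin-serv/authenticate \\",
    PREFIX + "HTTP/1.0",
    PREFIX + "Host: localhost:9830",
    PREFIX + "Authorization: Basic \\",
    PREFIX + SAMPLE_TOKEN + " \\",
    PREFIX.rstrip(),
    "http://localhost:9830/[1:0] recv> interrupted",
]) + "\n"

if __name__ == "__main__":
    cleaned, n = scrub_trace(SAMPLE_TRACE)
    print(cleaned, end="")
    print(f"# redacted {n} credential value(s)")
```
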



harry.devine
2010-10-25 12:34:15 UTC
Just a follow up: I was able to log in. I turned off the software
firewall and used "cn=Directory Manager" as the User ID and was able to
log in. This machine is isolated so there's low risk in having the
firewall off. When I get further along, I can turn it back on with 9830
added as an acceptable port I suppose.

Thanks for the help, and sorry about the noise.
Harry

Harry Devine
Common ARTS Software Development
AJT-144
(609)485-4218
Harry.Devine at faa.gov



Gerrard Geldenhuis
2010-10-25 12:54:33 UTC
Hi, glad to hear you got your problem sorted. You might also consider using the FQDN of the server name rather than localhost. This will save you some trouble when you enable SSL.

Regards
Rich Megginson
2010-10-25 14:26:31 UTC
harry.devine at faa.gov wrote:
>
> Just a follow up: I was able to log in. I turned off the software
> firewall and used "cn=Directory Manager" as the User ID and was able
> to log in. This machine is isolated so there's low risk in having the
> firewall off. When I get further along, I can turn it back on with
> 9830 added as an acceptable port I suppose.
Yes. You will need to open 389, 636, and 9830.
harry.devine
2010-10-25 14:36:18 UTC
Thanks. I'll keep that in mind. While I have your attention, can I ask
another question since I'm progressing along? What I ultimately want to
do is migrate from Microsoft Active Directory 2003 to 389 Directory
Server. I was reading up on how to export to an ldif file using ldifde.
However, when I try to import the ldif file into my test 389 DS, I get an
error for each user that says "entry <xxxx> has unknown object class
"user" " (the <xxxx> is the CN= entry for that user).

All I've found in the docs online so far is how to sync between the DS and
AD. I don't want to sync; I want to basically migrate. I can't find how
to do that. Any thoughts?

Thanks!
Harry

Harry Devine
Common ARTS Software Development
AJT-144
(609)485-4218
Harry.Devine at faa.gov



Gerrard Geldenhuis
2010-10-25 14:48:15 UTC
Hi Harry,
It basically means that the object class used to define the user in the directory from which you exported the user does not exist in 389 or is not available. It might also help to post an example of the ldif file here for people to have a look at. It will make debugging your problem much easier. You could probably either import the object class or replace the objectclass with a suitably similar objectclass in 389 directory.

An object class is a list of attributes grouped together to define an entry. You can combine multiple object classes to have more attributes available with which to "describe" an entry.

Best Regards
harry.devine
2010-10-25 15:01:53 UTC
OK, here's an example of what ldifde exported for me (I didn't put the
entire entry for my user object since there are things such as phone
number and address listed, but I can post the entire entry if requested; I
would just mask that info out):

dn: CN=Devine\, Harry,CN=Users,DC=commonsds,DC=faa,DC=gov
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Devine, Harry
sn: Devine

Thanks,
Harry

Harry Devine
Common ARTS Software Development
AJT-144
(609)485-4218
Harry.Devine at faa.gov



Miguel Medalha
2010-10-22 20:43:23 UTC
Permalink
389 DS is to Red Hat DS as Fedora Linux is to Red Hat Enterprise Linux.

Look at the extensive documentation for Red Hat Directory Server here:

https://access.redhat.com/knowledge/docs/manuals/Red_Hat_Directory_Server/
Richard Megginson
2010-10-25 15:16:07 UTC
Permalink
----- "harry devine" <harry.devine at faa.gov> wrote:

> Thanks. I'll keep that in mind. While I have your attention, can I ask
> another question since I'm progressing along? What I ultimately want
> to do is migrate from Microsoft Active Directory 2003 to 389 Directory
> Server. I was reading up on how to export to an ldif file using
> ldifde. However, when I try to import the ldif file into my test 389
> DS, I get an error for each user that says "entry <xxxx> has unknown
> object class "user" " (the <xxxx> is the CN= entry for that user).
>
> All I've found in the docs online so far is how to sync between the DS
> and AD. I don't want to sync; I want to basically migrate. I can't
> find how to do that. Any thoughts?

The schema that AD uses is very different from the schema that 389 uses. You'll have to do some scripting to get the data in the right format, and a lot of trial and error. I don't know if there are AD to LDAP migration scripts out there.

Also, you can't just replace AD with 389 if you need to support a Windows network. AD does a lot more than just an LDAP server.

>
> Thanks!
> Harry
>
> Harry Devine
> Common ARTS Software Development
> AJT-144
> (609)485-4218
> Harry.Devine at faa.gov
>
>
> From: Rich Megginson <rmeggins at redhat.com>
>
> To: "General discussion list for the 389 Directory server project."
> <389-users at lists.fedoraproject.org>
> Cc: 389-users-bounces at lists.fedoraproject.org
> Date: 10/25/2010 10:25 AM
> Subject: Re: [389-users] Getting started with 389 DS
> Sent by: 389-users-bounces at lists.fedoraproject.org
>
>
>
>
> harry.devine at faa.gov wrote:
> >
> > Just a follow up: I was able to log in. I turned off the software
> > firewall and used "cn=Directory Manager" as the User ID and was able
> > to log in. This machine is isolated so there's low risk in having the
> > firewall off. When I get further along, I can turn it back on with
> > 9830 added as an acceptable port I suppose.
> Yes. You will need to open 389, 636, and 9830
> >
> > Thanks for the help, and sorry about the noise.
> > Harry
> >
> > Harry Devine
> > Common ARTS Software Development
> > AJT-144
> > (609)485-4218
> > Harry.Devine at faa.gov
> >
> >
> > From: Rich Megginson <rmeggins at redhat.com>
> > To: "General discussion list for the 389 Directory server project."
> > <389-users at lists.fedoraproject.org>
> > Date: 10/22/2010 04:29 PM
> > Subject: Re: [389-users] Getting started with 389 DS
> > Sent by: 389-users-bounces at lists.fedoraproject.org
> >
> >
> >
harry.devine
2010-10-25 15:29:46 UTC
Permalink
Right now, we have 4 Windows servers: 2 Domain controllers (1 of which is
serving as the Terminal Server License server), 1 general purpose
workstation for users to Remote Desktop into, and 1 server that runs
Citrix Presentation server. We also have 2 linux servers that we connect
to that we have configured to contact our domain controller for
authentication.

We really aren't using most of the features that AD has/provides. Just
basic user authentication, which is why we thought we could easily move to
389 DS. If we do, we figured that we could keep the Citrix server around
and have it contact the new DS server for authentication. Maybe keep the
1 domain controller as a member server that still does the license
services.

We're not opposed to scrapping AD though. If we have to migrate over
users manually, or via an ldif file that we script/create, we can do that.
Right now, we're just trying to get familiar with the features of 389 DS.

Thanks,
Harry

Harry Devine
Common ARTS Software Development
AJT-144
(609)485-4218
Harry.Devine at faa.gov
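
The scripting step discussed above (getting an ldifde export past the `unknown object class "user"` error), as an added example that is not part of the thread or of the 389 DS project's code. The attribute mapping, the target suffix `ou=People,dc=example,dc=com` and the sample export are assumptions constructed for illustration.

```python
import base64

# Assumed AD -> inetOrgPerson attribute mapping (not from the thread); adjust per site.
ATTR_MAP = {"samaccountname": "uid", "cn": "cn", "sn": "sn", "mail": "mail"}
HEADER = [f"objectClass: {c}" for c in
          ("top", "person", "organizationalPerson", "inetOrgPerson")]
# Constructed ldifde-style export: a user (base64 sn, folded mail) and a computer.
SAMPLE = ("dn: CN=Jane,CN=Users,DC=corp,DC=example,DC=com\nobjectClass: user\n"
          "cn: Jane Mueller\nsn:: TcO8bGxlcg==\nsAMAccountName: jmueller\n"
          "mail: jane@corp.\n example.com\nobjectGUID:: 3q2+7w==\n\n"
          "dn: CN=PC01,CN=Computers,DC=corp,DC=example,DC=com\nobjectClass: user\n"
          "objectClass: computer\ncn: PC01\nsAMAccountName: PC01$\n")

def parse_ldif(text):
    """Yield {lowercased attr: [values]} per entry, unfolding lines, decoding base64."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # undo line folding
    for block in text.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, _, rest = line.partition(":")
            name = name.lower()
            if name not in ATTR_MAP and name not in ("dn", "objectclass"):
                continue                      # drops objectGUID, changetype, comments
            if rest.startswith(":"):          # "attr:: value" carries base64
                rest = base64.b64decode(rest[1:].strip()).decode("utf-8")
            entry.setdefault(name, []).append(rest.strip())
        if entry:
            yield entry

def ldif_line(attr, value):
    """Write one attribute, base64-encoding values that are not safe plain ASCII."""
    if value.isascii() and value.isprintable() and value[:1] not in (" ", ":", "<"):
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode()).decode()}"

def convert(text, suffix="ou=People,dc=example,dc=com"):
    """Return (LDIF text for 389 DS, source DNs that were skipped)."""
    out, skipped = [], []
    for e in parse_ldif(text):
        classes = {c.lower() for c in e.get("objectclass", [])}
        # Computer accounts also carry objectClass user; inetOrgPerson needs cn and sn.
        if ("user" not in classes or "computer" in classes
                or not {"samaccountname", "cn", "sn"} <= e.keys()):
            skipped.append(e.get("dn", ["?"])[0])
            continue
        lines = [f"dn: uid={e['samaccountname'][0]},{suffix}", *HEADER]
        lines += [ldif_line(ATTR_MAP[a], v) for a in ATTR_MAP for v in e.get(a, [])]
        out.append("\n".join(lines))
    return "\n\n".join(out) + "\n", skipped
```

`convert(SAMPLE)` returns the rewritten entry for `jmueller` and reports the computer account as skipped. An ldifde export carries no user passwords, so migrated accounts need credentials set separately in 389 DS.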


