bah, you were right earlier, and i missed something. examining the dse.ldif file, i found that it was indeed the passthrough authentication plug-in. i manually turned it off for the secondary-master, shut down the primary-master, and was then able to restart the secondary-master admin-server they entry is: dn: cn=Pass Through Authentication,cn=plugins,cn=config nsslapd-pluginEnabled it might help to update the HowTo to reference that change >From: Richard Megginson <rmeggins at redhat.com> >Reply-To: "General discussion list for the Fedora Directory server >project." <fedora-directory-users at redhat.com> >To: "General discussion list for the Fedora Directory server project." ><fedora-directory-users at redhat.com> >Subject: Re: Problem with >AdminConsole failoverusingFedoraDS >Date: Fri, 27 Apr 2007 08:17:43 -0600 > >Kyley Engle wrote: >> >>so here's where i'm at now..... >> >>primary-master and secondary-master running...everything is fine. i shut >>down the primary-master and i can log into the admin console on the >>secondary-master fine. however, if i try to restart the admin server, it >>fails with: >> >>[Thu Apr 26 22:48:50 2007] [info] Init: Initializing NSS library >>[Thu Apr 26 22:48:50 2007] [info] Initializing SSL Session Cache of size >>10000. SSL2 timeout = 100, SSL3/TLS timeout = 86400. >>[Thu Apr 26 22:48:50 2007] [info] Init: Initializing (virtual) servers for >>SSL >>[Thu Apr 26 22:48:50 2007] [info] Server: Apache/2.0.52, Interface: >>mod_nss/2.0.52, Library: NSS/3.11 >>[Thu Apr 26 22:48:50 2007] [debug] mod_admserv.c(2154): [30854] Cache >>expiration set to 600 seconds >>[Thu Apr 26 22:48:50 2007] [crit] mod_admserv_post_config(): unable to >>build user/group LDAP server info: unable to set User/Group baseDN >>Configuration Failed >> >>I change the 2 files and 1 directory entry listed in the HowTo: and i get >>the exact same behavior. >There are probably some other values under o=NetscapeRoot somewhere that >reference the old directory server. Try this: >cd /opt/fedora-ds/shared/bin ; ./ldapsearch -T -h host -p port -D >"cn=directory manager" -w password -s sub -b o=netscaperoot "objectclass=*" >| grep "old ldap server host and/or port" >> >>I have no pass through authentication configured. I'm doing some testing >>on 2 freshly installed instances that don't have anything other than >>o=NetscapeRoot replication enabled and working. >> >>hope this is useful.... >> >>-ke >> >> >>>From: Richard Megginson <rmeggins at redhat.com> >>>Reply-To: "General discussion list for the Fedora Directory server >>>project." <fedora-directory-users at redhat.com> >>>To: "General discussion list for the Fedora Directory server project." >>><fedora-directory-users at redhat.com> >>>Subject: Re: Problem with Admin Console >>>failoverusingFedoraDS >>>Date: Thu, 26 Apr 2007 16:01:22 -0600 >>> >>>Kyley Engle wrote: >>>> >>>> >>>>i have done that, as well as changing the directory in the >>>>nsDirectoryURL entry and the file >>>>/opt/fedora-ds/admin-serv/config/adm.conf >>>> >>>>is there maybe a way to increase the debug logging on the admin-serv? >>>>i'm not finding very much documentation on it. >>>I think you'll also need to change or disable the pass through >>>authentication plug-in in your backup configuration directory server. >>> >>>edit admin-serv/config/httpd.conf and set the LogLevel to debug >>>> >>>>ke >>>> >>>>>From: Richard Megginson <rmeggins at redhat.com> >>>>>Reply-To: "General discussion list for the Fedora Directory server >>>>>project." <fedora-directory-users at redhat.com> >>>>>To: "General discussion list for the Fedora Directory server project." >>>>><fedora-directory-users at redhat.com> >>>>>Subject: Re: Problem with Admin Console >>>>>failoverusing FedoraDS >>>>>Date: Thu, 26 Apr 2007 15:17:43 -0600 >>>>> >>>>>Kyley Engle wrote: >>>>>> >>>>>>Hello, >>>>>> >>>>>>I am having problems with the admin-serv when doing failure testing in >>>>>>my multi-master environmnet. >>>>>> >>>>>>What I have: >>>>>> >>>>>>2 masters replicating the userRoot and NetscapeRoot directories >>>>>>various hub and consumer/search servers >>>>>> >>>>>>When I installed the instances on each of these servers, i pointed >>>>>>them at one of the masters, let's call it primary-master, for it's >>>>>>configuration directory. when both masters are up and running, i can >>>>>>connect my admin consoel to either directory and manage my fleet of >>>>>>servers >>>>>> >>>>>>While doing failure mode testing, I discovered that if the >>>>>>primary-master was turned off, that the secondary master admin-serv >>>>>>would not start properly. it gives the following in >>>>>>/opt/fedora-ds/admin-serv/logs/error: >>>>>> >>>>>>[Tue Apr 24 20:37:36 2007] [crit] mod_admserv_post_config(): unable to >>>>>>build user/group LDAP server info: unable to set User/Group baseDN >>>>>>Configuration Failed >>>>>> >>>>>>I followed the instructions found here: >>>>>>http://directory.fedoraproject.org/wiki/Howto:AdminServerLDAPMgmt#How_to_change_the_user.2Fgroup_LDAP_server >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>to change the admin server running on secondary-master to point to >>>>>>itself instead of to the primary master. this did not resolve the >>>>>>issue. >>>>>> >>>>>>Has anyone out there gotten the configuration directory successfully >>>>>>working in a failover capacity in a multi-master environment? >>>>>Try updating shared/config/dbswitch.conf to point to the backup >>>>>configuration ds. >>>>>> >>>>>>ke >>>>>> >>>>>>_________________________________________________________________ >>>>>>The average US Credit Score is 675. The cost to see yours: $0 by >>>>>>Experian. >>>>>>http://www.freecreditreport.com/pm/default.aspx?sc=660600&bcd=EMAILFOOTERAVERAGE >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>-- >>>>>>Fedora-directory-users mailing list >>>>>>Fedora-directory-users at redhat.com >>>>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>> >>>> >>>>><< smime.p7s >> >>>> >>>> >>>> >>>> >>>>>-- >>>>>Fedora-directory-users mailing list >>>>>Fedora-directory-users at redhat.com >>>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>> >>>>_________________________________________________________________ >>>>Download Messenger. Join the i?m Initiative. Help make a difference >>>>today. http://im.live.com/messenger/im/home/?source=TAGHM_APR07 >>>> >>>>-- >>>>Fedora-directory-users mailing list >>>>Fedora-directory-users at redhat.com >>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> >>><< smime.p7s >> >> >> >> >> >>>-- >>>Fedora-directory-users mailing list >>>Fedora-directory-users at redhat.com >>>https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >>_________________________________________________________________ >>Mortgage refinance is Hot. *Terms. Get a 5.375%* fix rate. Check savings >>https://www2.nextag.com/goto.jsp?product=100000035&url=%2fst.jsp&tm=y&search=mortgage_text_links_88_h2bbb&disc=y&vers=925&s=4056&p=5117 >> >> >>-- >>Fedora-directory-users mailing list >>Fedora-directory-users at redhat.com >>https://www.redhat.com/mailman/listinfo/fedora-directory-users ><< smime.p7s >> >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users _________________________________________________________________ Exercise your brain! Try Flexicon. http://games.msn.com/en/flexicon/default.htm?icid=flexicon_hmemailtaglineapril07
