That gives me:

[root@rome fdsldap]# /usr/lib64/mozldap/ldapsearch -h rome.protect.nssl -D "uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot" -w "Mypassword" -s base -b "" "objectclass=*"
ldapsearch: Password will expire in 0 seconds
ldapsearch: Password has been reset by an administrator; you must change it.
ldap_search: DSA is unwilling to perform

That is likely because I reset the password to get past the invalid credentials problem when trying to run setup-ds-admin.pl -u

For the ldapsearch below and to reset the adm password I used -D "cn=Directory Manager".

So for the next question: How do I change it or unset the password expiration stuff which I never intended to be applied to the admin server by command line.

Rich Megginson wrote:
> Steve Fletcher wrote:
>> Yes I can query these using ldapsearch.
>> dn: cn=user, cn=defaultObjectClassesContainer, ou=1.1, ou=Admin,
>> ou=Global Preferences, ou=protect.nssl, o=NetscapeRoot
>> ...
>>
>> Using fedora-idm-console -D ldap I get:
>> Ldap Connection rome.protect.nssl:389
>> 15:07:49.301 ldc=0 Connected to ldap://rome.protect.nssl:389
>> 15:07:49.318 ldc=0 op=1 BindRequest {version=3, name=uid=admin,
>> ou=Administrators, ou=TopologyManagement, o=NetscapeRoot,
>> authentication=********}
>> 15:07:49.340 ldc=0 op=1 BindResponse {resultCode=0}
>> {PasswordExpiredCtrl: isCritical=false msg=0} {PasswordExpiringCtrl:
>> isCritical=false msg=0}
>> Ldap Connection (null):389
>> ...
>>
>> and adm.conf has:
>> ldapurl: ldap://rome.protect.nssl:389/o=NetscapeRoot
>>
>> On several following entries I saw:
>> 15:49:04.089 ldc=0 op=2 SearchRequest {baseObject=cn=user,
>> cn=DefaultObjectClassesContainer,ou=1.1, ou=admin, ou=Global
>> Preferences, ou=protect.nssl, o=NetscapeRoot, scope=0,
>> derefAliases=0,sizeLimit=1000, timeLimit=0, attrsOnly=false,
>> filter=(|(objectclass=*)(objectclass=ldapsubentry)), attributes=null}
>> 15:49:04.093 ldc=0 op=2 SearchResult {resultCode=53}
>> {PasswordExpiredCtrl: isCritical=false msg=0}
>> Is this telling me a password has expired?
> Yes, I believe so. What happens if you do
> /usr/lib/mozldap/ldapsearch -h rome.protect.nssl -D "uid=admin,
> ou=Administrators, ou=TopologyManagement, o=NetscapeRoot" -w
> yourpassword -s base -b "" "objectclass=*"
> ?
>>
>>
>> Rich Megginson wrote:
>>>>
>>>> Console: cannot connect to the user database
>>>> Console: Cannot open: cn=user,
>>>> cn=DefaultObjectClassesContainer,ou=1.1, ou=admin, ou=Global
>>>> Preferences, ou=protect.nssl, o=NetscapeRoot
>>>> Console: Cannot open cn=group,
>>>> cn=DefaultObjectClassesContainer,ou=1.1, ou=admin, ou=Global
>>>> Preferences, ou=protect.nssl, o=NetscapeRoot
>>>> Console: Cannot open cn=OU,
>>>> cn=DefaultObjectClassesContainer,ou=1.1, ou=admin, ou=Global
>>>> Preferences, ou=protect.nssl, o=NetscapeRoot
>>> Why can't it find these entries? Is it connecting to the wrong LDAP
>>> server? Can you query these entries using ldapsearch?
>>>
>>> Use fedora-idm-console -D ldap to see what LDAP connections it is
>>> making.
>>>
>>> It should be trying to use the server from ldapurl in
>>> /etc/dirsrv/admin-serv/adm.conf
>>>> Console: Cannot open cn=ResourceEditorExtension,ou=1.1, ou=admin,
>>>> ou=Global Preferences, ou=protect.nssl, o=NetscapeRoot
>>>>
>>>
>>
>
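
The trace quoted in this thread shows a bind answered with resultCode=0 plus a PasswordExpiredCtrl, followed by a search refused with resultCode=53. The following Python script is an added example, not part of the thread or of the directory server tools; it scans `fedora-idm-console -D ldap` output for that pattern. It assumes each trace entry sits on one line, and its sample input is constructed from the lines in the thread with the request bodies shortened.

```python
import re

# Assumed trace format (as quoted in the thread): time, ldc=<conn>, op=<id>, kind, {...}
LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) ldc=(?P<conn>\d+) op=(?P<op>\d+) "
    r"(?P<kind>\w+) (?P<rest>.*)$")
RESULT = re.compile(r"\{resultCode=(\d+)\}")
UNWILLING_TO_PERFORM = 53  # LDAP result code, "DSA is unwilling to perform"

# Constructed sample: the thread's trace lines, unwrapped, with long request
# bodies shortened to "...".
SAMPLE = """\
15:07:49.318 ldc=0 op=1 BindRequest {version=3, name=uid=admin, ...}
15:07:49.340 ldc=0 op=1 BindResponse {resultCode=0} {PasswordExpiredCtrl: isCritical=false msg=0} {PasswordExpiringCtrl: isCritical=false msg=0}
15:49:04.089 ldc=0 op=2 SearchRequest {baseObject=cn=user, ..., scope=0}
15:49:04.093 ldc=0 op=2 SearchResult {resultCode=53} {PasswordExpiredCtrl: isCritical=false msg=0}
"""

def parse_responses(trace):
    """Return one dict per trace line that carries a resultCode."""
    out = []
    for line in trace.splitlines():
        m = LINE.match(line.strip())
        rc = m and RESULT.search(m["rest"])
        if not rc:
            continue  # unparsable line, or a request (no resultCode)
        out.append({
            "ts": m["ts"], "conn": int(m["conn"]), "op": int(m["op"]),
            "kind": m["kind"], "result": int(rc.group(1)),
            "expired": "PasswordExpiredCtrl" in m["rest"],
            "expiring": "PasswordExpiringCtrl" in m["rest"]})
    return out

def diagnose(trace):
    """List operations refused with result 53 on a connection whose bind
    succeeded but carried a PasswordExpiredCtrl."""
    must_change, findings = set(), []
    for r in parse_responses(trace):
        if r["kind"] == "BindResponse" and r["result"] == 0 and r["expired"]:
            must_change.add(r["conn"])
        elif r["conn"] in must_change and r["result"] == UNWILLING_TO_PERFORM:
            findings.append((r["ts"], r["conn"], r["op"], r["kind"]))
    return findings
```
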