Steve Fletcher wrote:
> That gives me:
> [root@rome fdsldap]# /usr/lib64/mozldap/ldapsearch -h
> rome.protect.nssl -D "uid=admin, ou=Administrators,
> ou=TopologyManagement, o=NetscapeRoot" -w "Mypassword" -s base -b ""
> "objectclass=*"
> ldapsearch: Password will expire in 0 seconds
> ldapsearch: Password has been reset by an administrator; you must
> change it.
> ldap_search: DSA is unwilling to perform
>
> That is likely because I reset the password to get past the invalid
> credentials problem when trying to run setup-ds-admin.pl -u
> For the ldapsearch below and to reset the adm password I used -D
> "cn=Directory Manager". So for the next question: How do I change it or
> unset the password expiration stuff which I never intended to be
> applied to the admin server by command line.

Change the passwordExpirationTime in that entry:

ldapmodify -x -h rome.protect.nssl -D "cn=directory manager" -w thepassword
dn: uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot
changetype: modify
replace: passwordExpirationTime
passwordExpirationTime: 20380101000000Z

Will change the password so that it expires in 2038

>
> Rich Megginson wrote:
>> Steve Fletcher wrote:
>>> Yes I can query these using ldapsearch.
>>> dn: cn=user, cn=defaultObjectClassesContainer, ou=1.1, ou=Admin,
>>> ou=Global Pre
>>> ferences, ou=protect.nssl, o=NetscapeRoot ...
>>>
>>> Using fedora-idm-console -D ldap I get:
>>> Ldap Connection rome.protect.nssl:389
>>> 15:07:49.301 ldc=0 Connected to ldap://rome.protect.nssl:389
>>> 15:07:49.318 ldc=0 op=1 BindRequest {version=3, name=uid=admin,
>>> ou=Administrators, ou=TopologyManagement, o=NetscapeRoot,
>>> authentication=********}
>>> 15:07:49.340 ldc=0 op=1 BindResponse {resultCode=0}
>>> {PasswordExpiredCtrl: isCritical=false msg=0} {PasswordExpiringCtrl:
>>> isCritical=false msg=0}
>>> Ldap Connection (null):389 ...
>>>
>>> and adm.conf has:
>>> ldapurl: ldap://rome.protect.nssl:389/o=NetscapeRoot
>>>
>>> On several following entries I saw:
>>> 15:49:04.089 ldc=0 op=2 SearchRequest {baseObject=cn=user,
>>> cn=DefaultObjectClassesContainer,ou=1.1, ou=admin, ou=Global
>>> Preferences, ou=protect.nssl, o=NetscapeRoot, scope=0,
>>> derefAliases=0,sizeLimit=1000, timeLimit=0, attrsOnly=false,
>>> filter=(|(objectclass=*)(objectclass=ldapsubentry)), attributes=null}
>>> 15:49:04.093 ldc=0 op=2 SearchResult {resultCode=53}
>>> {PasswordExpiredCtrl: isCritical=false msg=0}
>>> Is this telling me a password has expired?
>> Yes, I believe so. What happens if you do
>> /usr/lib/mozldap/ldapsearch -h rome.protect.nssl -D "uid=admin,
>> ou=Administrators, ou=TopologyManagement, o=NetscapeRoot" -w
>> yourpassword -s base -b "" "objectclass=*"
>> ?
>>>
>>>
>>> Rich Megginson wrote:
>>>>>
>>>>> Console: cannot connect to the user database
>>>>> Console: Cannot open: cn=user,
>>>>> cn=DefaultObjectClassesContainer,ou=1.1, ou=admin, ou=Global
>>>>> Preferences, ou=protect.nssl, o=NetscapeRoot
>>>>> Console: Cannot open cn=group,
>>>>> cn=DefaultObjectClassesContainer,ou=1.1, ou=admin, ou=Global
>>>>> Preferences, ou=protect.nssl, o=NetscapeRoot
>>>>> Console: Cannot open cn=OU,
>>>>> cn=DefaultObjectClassesContainer,ou=1.1, ou=admin, ou=Global
>>>>> Preferences, ou=protect.nssl, o=NetscapeRoot
>>>> Why can't it find these entries? Is it connecting to the wrong
>>>> LDAP server? Can you query these entries using ldapsearch?
>>>>
>>>> Use fedora-idm-console -D ldap to see what LDAP connections it is
>>>> making.
>>>>
>>>> It should be trying to use the server from ldapurl in
>>>> /etc/dirsrv/admin-serv/adm.conf
>>>>> Console: Cannot open cn=ResourceEditorExtension,ou=1.1, ou=admin,
>>>>> ou=Global Preferences, ou=protect.nssl, o=NetscapeRoot
>>>>>
>>>>
>>>
>>
>
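An added example, not part of the original message or of the 389 Directory Server project: a small parser for the `fedora-idm-console -D ldap` trace quoted above that reports which bind DN was refused with resultCode=53 together with a PasswordExpiredCtrl. It assumes each trace record has been joined back onto one line (the mail wrapped them); the sample trace is constructed from the records shown in the thread, and the function name is hypothetical.

```python
import re

# Constructed sample: trace records in the shape quoted in the thread,
# each record unwrapped onto a single line.
SAMPLE_TRACE = """\
15:07:49.301 ldc=0 Connected to ldap://rome.protect.nssl:389
15:07:49.318 ldc=0 op=1 BindRequest {version=3, name=uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot, authentication=********}
15:07:49.340 ldc=0 op=1 BindResponse {resultCode=0} {PasswordExpiredCtrl: isCritical=false msg=0} {PasswordExpiringCtrl: isCritical=false msg=0}
15:49:04.089 ldc=0 op=2 SearchRequest {baseObject=cn=user, cn=DefaultObjectClassesContainer,ou=1.1, ou=admin, ou=Global Preferences, ou=protect.nssl, o=NetscapeRoot, scope=0, derefAliases=0,sizeLimit=1000, timeLimit=0, attrsOnly=false, filter=(|(objectclass=*)(objectclass=ldapsubentry)), attributes=null}
15:49:04.093 ldc=0 op=2 SearchResult {resultCode=53} {PasswordExpiredCtrl: isCritical=false msg=0}
"""

RECORD = re.compile(r"^(\S+) ldc=(\d+) op=(\d+) (\w+) (.*)$")
BIND_DN = re.compile(r"name=(.*), authentication=")
BASE = re.compile(r"baseObject=(.*?), scope=")
RESULT = re.compile(r"resultCode=(\d+)")

def find_expired_password_failures(trace):
    """Return one dict per operation refused with resultCode 53
    (unwilling to perform) that also carries a PasswordExpiredCtrl."""
    bind_dn = {}   # connection id -> DN from the last BindRequest
    pending = {}   # (connection id, op id) -> search base of the request
    findings = []
    for line in trace.splitlines():
        m = RECORD.match(line.strip())
        if not m:
            continue  # "Connected to ..." and other non-operation lines
        when, ldc, op, kind, body = m.groups()
        if kind == "BindRequest":
            dn = BIND_DN.search(body)
            bind_dn[ldc] = dn.group(1) if dn else "(anonymous)"
        elif kind == "SearchRequest":
            base = BASE.search(body)
            pending[(ldc, op)] = base.group(1) if base else ""
        elif kind.endswith(("Result", "Response")):
            code = RESULT.search(body)
            if code and code.group(1) == "53" and "PasswordExpiredCtrl" in body:
                findings.append({"time": when, "op": kind,
                                 "bind_dn": bind_dn.get(ldc, "(unknown)"),
                                 "base": pending.get((ldc, op), "")})
    return findings

if __name__ == "__main__":
    for f in find_expired_password_failures(SAMPLE_TRACE):
        print(f"{f['time']} {f['op']} refused, password expired for "
              f"{f['bind_dn']} (base: {f['base']})")
```

The bind itself returns resultCode=0 in this trace, so the script keys on the later refused operation rather than on the BindResponse.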