Re: [389-users] Change name of server, admin-server no longer works

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 07/29/2011 04:34 PM, Techie wrote:
> Hello,
>
> We were required to change the hostname of our LDAP server running
> 389-DS. Since that time the LDAP server runs fine but the admin server
> does not authenticate login any longer, meaning i cannot log into the
> admin server. What do I need to do to fix the admin server and change
> all references from the old host name to the new host name.

Just for clarity, what does "admin server" mean:

1. The machine itself cannot be authenticated against (which could 
happen if its authentication system it a client of its own directory -- 
which I avoid for this reason)

	or

2. The master or admin LDAP server program cannot be authenticated 
against because of domain/realm/hotname issues related to your 
authentication system (like Kerberos disliking you because hostnames 
don't match principal instances anymore or whatever)

In case 1, you should boot into single-user mode/admin mode (runlevel 1 
on Fedora pre 15 or any RHEL -- I don't remember how this works on 
Debian anymore). That runlevel/mode should drop you into a root shell 
prompt directly. From there you can edit whatever you need on the 
command line and then reboot to normal.

In case 2 you should stop the server (without corrupting the data -- I'm 
not sure about 389 anymore but OpenLDAP's slapd can be shut down gently 
by sending an INT signal (traditionally something like "kill -INT [pid 
of slapd]"). If you just do something equivalent to kill -9 you'll screw 
up your database (again, not totally sure how 389 handles this compared 
to OpenLDAP; fortunately I never had problems with 389 at all but I've 
had serious issues with OpenLDAP in the past so I'm always extra 
careful). Once slapd is shut down you can use the slap* tools to change 
things around inside the database if that is where your problem lies.

If your situation is way different than the above, we'd need to know 
more information before anyone can help.

Good luck!
-Iwao
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux