On Tue, Mar 27, 2012 at 11:14 AM, Rich Megginson <rmeggins@xxxxxxxxxx> wrote:
> On 03/27/2012 09:07 AM, Mike Mercier wrote:
>>
>> On Tue, Mar 27, 2012 at 10:05 AM, Rich Megginson<rmeggins@xxxxxxxxxx>
>> wrote:
>>>
>>> On 03/27/2012 06:46 AM, Mike Mercier wrote:
>>>>
>>>> Hello,
>>>>
>>>> On Mon, Mar 26, 2012 at 10:47 AM, Rich Megginson<rmeggins@xxxxxxxxxx>
>>>> wrote:
>>>>>
>>>>> On 03/26/2012 08:28 AM, Mike Mercier wrote:
>>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> adm.conf attached.
>>>>>
>>>>> Have you configured the directory server to use TLS/SSL?
>>>>
>>>> No, TLS/SSL was not configured. I did the following to install 389.
>>>>
>>>> Install fedora 16
>>>> run yum update
>>>> install 389
>>>> run setup-ds-admin.pl using the 'Typical' option
>>>> run 389-console and try to login as cn=Directory Manager
>>>>
>>>>> Can you try with 389-admin-1.1.28 now in updates-testing?
>>>>
>>>> [root@localhost ~]# rpm -qa | grep 389
>>>> 389-console-1.1.7-1.fc16.noarch
>>>> 389-ds-console-doc-1.2.6-1.fc16.noarch
>>>> 389-ds-base-libs-1.2.10.4-2.fc16.x86_64
>>>> 389-ds-1.2.2-1.fc15.noarch
>>>> 389-ds-base-1.2.10.4-2.fc16.x86_64
>>>> 389-ds-console-1.2.6-1.fc16.noarch
>>>> 389-admin-console-doc-1.1.8-2.fc16.noarch
>>>> 389-admin-console-1.1.8-2.fc16.noarch
>>>> 389-dsgw-1.1.7-2.fc16.x86_64
>>>> 389-admin-1.1.28-1.fc16.x86_64
>>>> 389-adminutil-1.1.14-1.fc16.x86_64
>>>>
>>>> When using 389-console
>>>>
>>>> /var/log/dirsrv/admin-serv/error
>>>> [Tue Mar 27 08:36:31 2012] [notice] [client 127.0.0.1]
>>>> admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
>>>> [Tue Mar 27 08:36:31 2012] [error] Could not bind as []: ldap error
>>>> -1: Can't contact LDAP server
>>>> [Tue Mar 27 08:36:31 2012] [error] Could not bind as []: ldap error
>>>> -1: Can't contact LDAP server
>>>> [Tue Mar 27 08:36:31 2012] [notice] [client 127.0.0.1] unable to bind
>>>> to server [localhost.localdomain:389] as [(anonymous)]
>>>> [Tue Mar 27 08:36:31 2012] [crit] buildUGInfo(): unable to initialize
>>>> TLS connection to LDAP host localhost.localdomain port 389: 4
>>>> [Tue Mar 27 08:36:31 2012] [error] [client 127.0.0.1] user
>>>> cn=Directory Manager not found: /admin-serv/authenticate
>>>>
>>>>
>>>> /var/log/dirsrv/admin-serv/access
>>>> 127.0.0.1 - cn=Directory Manager [27/Mar/2012:08:36:31 -0400] "GET
>>>> /admin-serv/authenticate HTTP/1.0" 401 478
>>>>
>>>> When using http://http://localhost.localdomain:9830/dist/download and
>>>> clicking '389 Administration Express'
>>>>
>>>> /var/log/dirsrv/admin-serv/error
>>>> [Tue Mar 27 08:41:58 2012] [notice] [client 127.0.0.1]
>>>> admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
>>>> [Tue Mar 27 08:41:58 2012] [notice] [client 127.0.0.1]
>>>> admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1,
>>>> referer: http://localhost.localdomain:9830/dist/download
>>>> [Tue Mar 27 08:41:58 2012] [notice] [client 127.0.0.1]
>>>> admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1,
>>>> referer: http://localhost.localdomain:9830/dist/download
>>>> [Tue Mar 27 08:42:00 2012] [notice] [client 127.0.0.1]
>>>> admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1,
>>>> referer: http://localhost.localdomain:9830/dist/download
>>>> [Tue Mar 27 08:42:00 2012] [error] Could not bind as []: ldap error
>>>> -1: Can't contact LDAP server
>>>> [Tue Mar 27 08:42:00 2012] [error] Could not bind as []: ldap error
>>>> -1: Can't contact LDAP server
>>>> [Tue Mar 27 08:42:00 2012] [notice] [client 127.0.0.1] unable to bind
>>>> to server [localhost.localdomain:389] as [(anonymous)], referer:
>>>> http://localhost.localdomain:9830/dist/download
>>>> [Tue Mar 27 08:42:00 2012] [crit] buildUGInfo(): unable to initialize
>>>> TLS connection to LDAP host localhost.localdomain port 389: 4
>>>>
>>>>
>>>> /var/log/dirsrv/admin-serv/access
>>>>
>>>> 127.0.0.1 - - [27/Mar/2012:08:41:58 -0400] "GET /dist/download
>>>> HTTP/1.1" 200 4470
>>>> 127.0.0.1 - - [27/Mar/2012:08:41:58 -0400] "GET /icons/spacer.gif
>>>> HTTP/1.1" 200 43
>>>> 127.0.0.1 - - [27/Mar/2012:08:41:58 -0400] "GET /icons/goto.gif
>>>> HTTP/1.1"
>>>> 200 86
>>>> 127.0.0.1 - admin [27/Mar/2012:08:42:00 -0400] "GET
>>>> /admin-serv/tasks/configuration/HTMLAdmin?op=index HTTP/1.1" 500 615
>>>
>>> What's in your directory server access log from around this time?
>>> /var/log/dirsrv/slapd-INSTANCE/access
>>
>> Strangely, there are no entries in the file from that time... below
>> is the entire file
>> /var/log/dirsrv/slapd-mpls/access:
>>
>> 389-Directory/1.2.10.2 B2012.054.1543
>> localhost.localdomain:389 (/etc/dirsrv/slapd-mpls)
>>
>> [22/Mar/2012:15:09:39 -0400] conn=8 op=-1 fd=64 closed - B1
>> [22/Mar/2012:15:09:39 -0400] conn=10 op=-1 fd=65 closed - B1
>
> The access log is buffered - if you're not hitting the directory server with
> any operations, then it won't flush its buffer. The other way to make it
> flush is to shut it down.

Nothing shows up in the log when trying to connect with 389-console.

I do get entries in the log when running:
ldapsearch -x -b -o=netscaperoot -D "cn=directory manager" -w password "nsDirectoryURL=*"

I did just notice that I am seeing SELinux errors when trying to
connect with the console:

SELinux is preventing /usr/sbin/httpd.worker from name_connect access
on the tcp_socket .

***** Plugin catchall_boolean (24.7 confidence) suggests *******************

If you want to allow httpd to connect to the ldap port
Then you must tell SELinux about this by enabling the
'httpd_can_connect_ldap' boolean.
You can read 'httpd_selinux' man page for more details.
Do
setsebool -P httpd_can_connect_ldap 1

......
(much more information)

Thanks,
Mike

>
>>
>>
>>
>>
>>
>>>> Thanks,
>>>> Mike
>>>>
>>>>
>>>>
>>>>>> Thanks,
>>>>>> Mike
>>>>>>
>>>>>> On Fri, Mar 23, 2012 at 10:42 AM, Rich Megginson<rmeggins@xxxxxxxxxx>
>>>>>> wrote:
>>>>>>>
>>>>>>> On 03/22/2012 10:47 AM, Mike Mercier wrote:
>>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> Sorry for the delay...
>>>>>>>>
>>>>>>>> /var/log/dirsrv/admin-serv/access
>>>>>>>>
>>>>>>>> 127.0.0.1 - cn=Directory Manager [22/Mar/2012:12:43:32 -0400] "GET
>>>>>>>> /admin-serv/authenticate HTTP/1.0" 401 478
>>>>>>>>
>>>>>>>> /var/log/dirsrv/admin-serv/error
>>>>>>>> [Thu Mar 22 12:43:26 2012] [notice] caught SIGTERM, shutting down
>>>>>>>> [Thu Mar 22 12:43:27 2012] [notice] SELinux policy enabled; httpd
>>>>>>>> running as context system_u:system_r:httpd_t:s0
>>>>>>>> [Thu Mar 22 12:43:28 2012] [error] Could not bind as []: ldap error
>>>>>>>> -1: Can't contact LDAP server
>>>>>>>> [Thu Mar 22 12:43:28 2012] [error] Could not bind as []: ldap error
>>>>>>>> -1: Can't contact LDAP server
>>>>>>>> [Thu Mar 22 12:43:28 2012] [warn] Unable to bind as LocalAdmin to
>>>>>>>> populate LocalAdmin tasks into cache.
>>>>>>>> [Thu Mar 22 12:43:28 2012] [notice] Access Host filter is: *
>>>>>>>> [Thu Mar 22 12:43:28 2012] [notice] Access Address filter is: *
>>>>>>>> [Thu Mar 22 12:43:29 2012] [notice] Apache/2.2.22 (Unix) configured
>>>>>>>> --
>>>>>>>> resuming normal operations
>>>>>>>> [Thu Mar 22 12:43:29 2012] [error] Could not bind as []: ldap error
>>>>>>>> -1: Can't contact LDAP server
>>>>>>>> [Thu Mar 22 12:43:29 2012] [error] Could not bind as []: ldap error
>>>>>>>> -1: Can't contact LDAP server
>>>>>>>> [Thu Mar 22 12:43:29 2012] [warn] Unable to bind as LocalAdmin to
>>>>>>>> populate LocalAdmin tasks into cache.
>>>>>>>> [Thu Mar 22 12:43:29 2012] [notice] Access Host filter is: *
>>>>>>>> [Thu Mar 22 12:43:29 2012] [notice] Access Address filter is: *
>>>>>>>> [Thu Mar 22 12:43:32 2012] [notice] [client 127.0.0.1]
>>>>>>>> admserv_host_ip_check: ap_get_remote_host could not resolve
>>>>>>>> 127.0.0.1
>>>>>>>> [Thu Mar 22 12:43:32 2012] [error] Could not bind as []: ldap error
>>>>>>>> -1: Can't contact LDAP server
>>>>>>>> [Thu Mar 22 12:43:32 2012] [error] Could not bind as []: ldap error
>>>>>>>> -1: Can't contact LDAP server
>>>>>>>> [Thu Mar 22 12:43:32 2012] [notice] [client 127.0.0.1] unable to
>>>>>>>> bind
>>>>>>>> to server [localhost.localdomain:389] as [(anonymous)]
>>>>>>>> [Thu Mar 22 12:43:32 2012] [crit] buildUGInfo(): unable to
>>>>>>>> initialize
>>>>>>>> TLS connection to LDAP host localhost.localdomain port 389: 4
>>>>>>>
>>>>>>>
>>>>>>> Can you post your /etc/dirsrv/admin-serv/adm.conf?
>>>>>>> Have you configured your directory server to use SSL?
>>>>>>>
>>>>>>>> [Thu Mar 22 12:43:32 2012] [error] [client 127.0.0.1] user
>>>>>>>> cn=Directory Manager not found: /admin-serv/authenticate
>>>>>>>>
>>>>>>>> NOTE: This is after modifying 'local.conf' with
>>>>>>>> configuration.nsadminaccesshosts: *
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Mike
>>>>>>>>
>>>>>>>> On Fri, Mar 16, 2012 at 5:43 PM, Mark Reynolds<mareynol@xxxxxxxxxx>
>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>> Hi Michael,
>>>>>>>>>
>>>>>>>>> see comments below...
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On 03/16/2012 02:42 PM, Michael Mercier wrote:
>>>>>>>>>
>>>>>>>>> Hello,
>>>>>>>>>
>>>>>>>>> I seem to be having problems using the 389-console GUI.
>>>>>>>>>
>>>>>>>>> I am entering the following information into each of the fields:
>>>>>>>>>
>>>>>>>>> User ID: cn=Directory Manager
>>>>>>>>> Password: password
>>>>>>>>> Administration URL: http://localhost.localdomain:9830
>>>>>>>>>
>>>>>>>>> It fails with the following error:
>>>>>>>>>
>>>>>>>>> Cannot logon because of an incorrect User ID,
>>>>>>>>> Incorrect password or Directory problem.
>>>>>>>>>
>>>>>>>>> HttpException:
>>>>>>>>> Response: HTTP/1.1 401 Authorization Required
>>>>>>>>> Status: 401
>>>>>>>>> URL: http://localhost.localdomain:9830/admin-serv/authenticate
>>>>>>>>>
>>>>>>>>> Do you have a DS access log snippet showing the bind &
>>>>>>>>> result?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> It might not hurt to restart the admin server as well.
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> Mark
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> I have also tried with:
>>>>>>>>> User ID: admin
>>>>>>>>> Password: password
>>>>>>>>> Administration URL: http://localhost.localdomain:9830
>>>>>>>>>
>>>>>>>>> It fails with the following error:
>>>>>>>>>
>>>>>>>>> Cannot connect to the directory server:
>>>>>>>>> netscape.ldap.LDAPException: error result (32): No such object
>>>>>>>>>
>>>>>>>>> I am able to run searches from the command line:
>>>>>>>>>
>>>>>>>>> [root@localhost ~]# ldapsearch -x -b o=netscaperoot -D
>>>>>>>>> "cn=directory
>>>>>>>>> manager" -w password "nsDirectoryURL=*"
>>>>>>>>> # extended LDIF
>>>>>>>>> #
>>>>>>>>> # LDAPv3
>>>>>>>>> # base<o=netscaperoot> with scope subtree
>>>>>>>>> # filter: nsDirectoryURL=*
>>>>>>>>> # requesting: ALL
>>>>>>>>> #
>>>>>>>>>
>>>>>>>>> # UserDirectory, Global Preferences, MyDomain, NetscapeRoot
>>>>>>>>> dn: cn=UserDirectory,ou=Global
>>>>>>>>> Preferences,ou=MyDomain,o=NetscapeRoot
>>>>>>>>> objectClass: top
>>>>>>>>> objectClass: nsDirectoryInfo
>>>>>>>>> nsDirectoryURL: ldap://localhost.localdomain:389/dc=mpls
>>>>>>>>> cn: UserDirectory
>>>>>>>>>
>>>>>>>>> # search result
>>>>>>>>> search: 2
>>>>>>>>> result: 0 Success
>>>>>>>>>
>>>>>>>>> # numResponses: 2
>>>>>>>>> # numEntries: 1
>>>>>>>>> [root@localhost ~]#
>>>>>>>>>
>>>>>>>>> If I try to access http://localhost.localdomain:9830 with a web
>>>>>>>>> browser, I am shown the "Services for users" page, but when I click
>>>>>>>>> on
>>>>>>>>> "389 Administration Express" I get the following error:
>>>>>>>>>
>>>>>>>>> Internal Server Error
>>>>>>>>>
>>>>>>>>> The server encountered an internal error or misconfiguration and
>>>>>>>>> was
>>>>>>>>> unable to complete your request.
>>>>>>>>>
>>>>>>>>> Please contact the server administrator, [no address given] and
>>>>>>>>> inform
>>>>>>>>> them of the time the error occurred, and anything you might have
>>>>>>>>> done
>>>>>>>>> that may have caused the error.
>>>>>>>>>
>>>>>>>>> More information about this error may be available in the server
>>>>>>>>> error
>>>>>>>>> log.
>>>>>>>>> Apache/2.2 Server at localhost.localdomain Port 9830
>>>>>>>>>
>>>>>>>>> Anyone have any ideas?
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> Mike
>>>>>>>>>
>>>>>>>>> [root@localhost ~]# more /etc/redhat-release
>>>>>>>>> Fedora release 16 (Verne)
>>>>>>>>> [root@localhost ~]# rpm -qa|grep 389
>>>>>>>>> 389-console-1.1.7-1.fc16.noarch
>>>>>>>>> 389-ds-console-doc-1.2.6-1.fc16.noarch
>>>>>>>>> 389-ds-base-libs-1.2.10.2-1.fc16.x86_64
>>>>>>>>> 389-ds-1.2.2-1.fc15.noarch
>>>>>>>>> 389-ds-console-1.2.6-1.fc16.noarch
>>>>>>>>> 389-admin-1.1.23-1.fc16.x86_64
>>>>>>>>> 389-admin-console-doc-1.1.8-2.fc16.noarch
>>>>>>>>> 389-admin-console-1.1.8-2.fc16.noarch
>>>>>>>>> 389-dsgw-1.1.7-2.fc16.x86_64
>>>>>>>>> 389-adminutil-1.1.14-1.fc16.x86_64
>>>>>>>>> 389-ds-base-1.2.10.2-1.fc16.x86_64
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> 389 users mailing list
>>>>>>>>> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>>>>>>>>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>>>>>>
>>>>>>>
>
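
An added example, not part of the original thread or of 389 Directory Server: a Python script that ties the admin server's "Can't contact LDAP server" errors to SELinux denials of httpd connecting to port 389, the cause the SELinux alert in the message above points to. The audit records are constructed samples, the error-log lines follow the thread's format with the mail wrapping undone, the function names are hypothetical, and the -4 hour offset is an assumption taken from the -0400 in the access log.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed audit records in the usual audit.log AVC layout (not from the thread).
AUDIT_LOG = """\
type=AVC msg=audit(1332851791.412:88): avc:  denied  { name_connect } for  pid=2113 comm="httpd.worker" dest=389 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1332851500.100:80): avc:  denied  { name_connect } for  pid=2113 comm="httpd.worker" dest=8080 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket
"""
# admin-serv error-log lines in the thread's format, with mail wrapping undone.
ERROR_LOG = """\
[Tue Mar 27 08:36:31 2012] [error] Could not bind as []: ldap error -1: Can't contact LDAP server
[Tue Mar 27 08:36:31 2012] [error] Could not bind as []: ldap error -1: Can't contact LDAP server
[Tue Mar 27 08:36:31 2012] [notice] [client 127.0.0.1] unable to bind to server [localhost.localdomain:389] as [(anonymous)]
"""
AVC_RE = re.compile(r"type=AVC msg=audit\((\d+)\.\d+:\d+\): avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
ERR_RE = re.compile(r"\[(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4})\] \[error\] .*Can't contact LDAP server")

def httpd_ldap_denials(audit_text, port=389):
    """Return (utc_time, comm) for httpd_t name_connect denials to `port`."""
    hits = []
    for line in audit_text.splitlines():
        m = AVC_RE.match(line)
        if not m:
            continue
        fields = dict(kv.split("=", 1) for kv in m.group(3).split() if "=" in kv)
        if ("name_connect" in m.group(2).split()
                and fields.get("tclass") == "tcp_socket"
                and fields.get("dest") == str(port)
                and fields.get("scontext", "").split(":")[2:3] == ["httpd_t"]):
            when = datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc)
            hits.append((when, fields.get("comm", "").strip('"')))
    return hits

def bind_failures(error_text, utc_offset_hours=-4):
    """Return timezone-aware times of 'Can't contact LDAP server' errors."""
    tz = timezone(timedelta(hours=utc_offset_hours))  # assumed local offset
    return [datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y").replace(tzinfo=tz)
            for m in map(ERR_RE.match, error_text.splitlines()) if m]

def correlate(denials, failures, window_s=5):
    """Pair each denial with the bind failures logged within window_s seconds."""
    pairs = []
    for when, comm in denials:
        near = [f for f in failures if abs((f - when).total_seconds()) <= window_s]
        if near:
            pairs.append((comm, when.isoformat(), len(near)))
    return pairs

if __name__ == "__main__":
    print(correlate(httpd_ldap_denials(AUDIT_LOG), bind_failures(ERROR_LOG)))
```

A non-empty result means the bind failures line up with SELinux blocking httpd, which is the case the 'httpd_can_connect_ldap' boolean quoted in the alert addresses.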