On Tue, Mar 27, 2012 at 2:00 PM, Rich Megginson <rmeggins@xxxxxxxxxx> wrote:
> On 03/27/2012 11:22 AM, Mike Mercier wrote:
>>
>> On Tue, Mar 27, 2012 at 11:14 AM, Rich Megginson <rmeggins@xxxxxxxxxx> wrote:
>>>
>>> On 03/27/2012 09:07 AM, Mike Mercier wrote:
>>>>
>>>> On Tue, Mar 27, 2012 at 10:05 AM, Rich Megginson <rmeggins@xxxxxxxxxx> wrote:
>>>>>
>>>>> On 03/27/2012 06:46 AM, Mike Mercier wrote:
>>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> On Mon, Mar 26, 2012 at 10:47 AM, Rich Megginson <rmeggins@xxxxxxxxxx> wrote:
>>>>>>>
>>>>>>> On 03/26/2012 08:28 AM, Mike Mercier wrote:
>>>>>>>>
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> adm.conf attached.
>>>>>>>
>>>>>>> Have you configured the directory server to use TLS/SSL?
>>>>>>
>>>>>> No, TLS/SSL was not configured. I did the following to install 389.
>>>>>>
>>>>>> Install fedora 16
>>>>>> run yum update
>>>>>> install 389
>>>>>> run setup-ds-admin.pl using the 'Typical' option
>>>>>> run 389-console and try to login as cn=Directory Manager
>>>>>>
>>>>>>> Can you try with 389-admin-1.1.28 now in updates-testing?
>>>>>>
>>>>>> [root@localhost ~]# rpm -qa | grep 389
>>>>>> 389-console-1.1.7-1.fc16.noarch
>>>>>> 389-ds-console-doc-1.2.6-1.fc16.noarch
>>>>>> 389-ds-base-libs-1.2.10.4-2.fc16.x86_64
>>>>>> 389-ds-1.2.2-1.fc15.noarch
>>>>>> 389-ds-base-1.2.10.4-2.fc16.x86_64
>>>>>> 389-ds-console-1.2.6-1.fc16.noarch
>>>>>> 389-admin-console-doc-1.1.8-2.fc16.noarch
>>>>>> 389-admin-console-1.1.8-2.fc16.noarch
>>>>>> 389-dsgw-1.1.7-2.fc16.x86_64
>>>>>> 389-admin-1.1.28-1.fc16.x86_64
>>>>>> 389-adminutil-1.1.14-1.fc16.x86_64
>>>>>>
>>>>>> When using 389-console
>>>>>>
>>>>>> /var/log/dirsrv/admin-serv/error
>>>>>> [Tue Mar 27 08:36:31 2012] [notice] [client 127.0.0.1] admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
>>>>>> [Tue Mar 27 08:36:31 2012] [error] Could not bind as []: ldap error -1: Can't contact LDAP server
>>>>>> [Tue Mar 27 08:36:31 2012] [error] Could not bind as []: ldap error -1: Can't contact LDAP server
>>>>>> [Tue Mar 27 08:36:31 2012] [notice] [client 127.0.0.1] unable to bind to server [localhost.localdomain:389] as [(anonymous)]
>>>>>> [Tue Mar 27 08:36:31 2012] [crit] buildUGInfo(): unable to initialize TLS connection to LDAP host localhost.localdomain port 389: 4
>>>>>> [Tue Mar 27 08:36:31 2012] [error] [client 127.0.0.1] user cn=Directory Manager not found: /admin-serv/authenticate
>>>>>>
>>>>>> /var/log/dirsrv/admin-serv/access
>>>>>> 127.0.0.1 - cn=Directory Manager [27/Mar/2012:08:36:31 -0400] "GET /admin-serv/authenticate HTTP/1.0" 401 478
>>>>>>
>>>>>> When using http://http://localhost.localdomain:9830/dist/download and
>>>>>> clicking '389 Administration Express'
>>>>>>
>>>>>> /var/log/dirsrv/admin-serv/error
>>>>>> [Tue Mar 27 08:41:58 2012] [notice] [client 127.0.0.1] admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
>>>>>> [Tue Mar 27 08:41:58 2012] [notice] [client 127.0.0.1] admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1, referer: http://localhost.localdomain:9830/dist/download
>>>>>> [Tue Mar 27 08:41:58 2012] [notice] [client 127.0.0.1] admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1, referer: http://localhost.localdomain:9830/dist/download
>>>>>> [Tue Mar 27 08:42:00 2012] [notice] [client 127.0.0.1] admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1, referer: http://localhost.localdomain:9830/dist/download
>>>>>> [Tue Mar 27 08:42:00 2012] [error] Could not bind as []: ldap error -1: Can't contact LDAP server
>>>>>> [Tue Mar 27 08:42:00 2012] [error] Could not bind as []: ldap error -1: Can't contact LDAP server
>>>>>> [Tue Mar 27 08:42:00 2012] [notice] [client 127.0.0.1] unable to bind to server [localhost.localdomain:389] as [(anonymous)], referer: http://localhost.localdomain:9830/dist/download
>>>>>> [Tue Mar 27 08:42:00 2012] [crit] buildUGInfo(): unable to initialize TLS connection to LDAP host localhost.localdomain port 389: 4
>>>>>>
>>>>>> /var/log/dirsrv/admin-serv/access
>>>>>>
>>>>>> 127.0.0.1 - - [27/Mar/2012:08:41:58 -0400] "GET /dist/download HTTP/1.1" 200 4470
>>>>>> 127.0.0.1 - - [27/Mar/2012:08:41:58 -0400] "GET /icons/spacer.gif HTTP/1.1" 200 43
>>>>>> 127.0.0.1 - - [27/Mar/2012:08:41:58 -0400] "GET /icons/goto.gif HTTP/1.1" 200 86
>>>>>> 127.0.0.1 - admin [27/Mar/2012:08:42:00 -0400] "GET /admin-serv/tasks/configuration/HTMLAdmin?op=index HTTP/1.1" 500 615
>>>>>
>>>>> What's in your directory server access log from around this time?
>>>>> /var/log/dirsrv/slapd-INSTANCE/access
>>>>
>>>> Strangely, there are no entries in the file from that time... below
>>>> is the entire file
>>>> /var/log/dirsrv/slapd-mpls/access:
>>>>
>>>> 389-Directory/1.2.10.2 B2012.054.1543
>>>> localhost.localdomain:389 (/etc/dirsrv/slapd-mpls)
>>>>
>>>> [22/Mar/2012:15:09:39 -0400] conn=8 op=-1 fd=64 closed - B1
>>>> [22/Mar/2012:15:09:39 -0400] conn=10 op=-1 fd=65 closed - B1
>>>
>>> The access log is buffered - if you're not hitting the directory server with
>>> any operations, then it won't flush its buffer. The other way to make it
>>> flush is to shut it down.
>>
>> Nothing shows up in the log when trying to connect with 389-console.
>
> Do you have more than one directory server? If so, check the access logs on
> your configuration directory server, the first one you installed, the one
> with o=netscaperoot.
>

Only one directory server is installed.

>> I do get entries in the log when running:
>>
>> ldapsearch -x -b o=netscaperoot -D "cn=directory manager" -w password "nsDirectoryURL=*"
>>
>> I did just notice that I am seeing SELinux errors when trying to
>> connect with the console:
>>
>> SELinux is preventing /usr/sbin/httpd.worker from name_connect access
>> on the tcp_socket .
>>
>> ***** Plugin catchall_boolean (24.7 confidence) suggests *******************
>>
>> If you want to allow httpd to connect to the ldap port
>> Then you must tell SELinux about this by enabling the
>> 'httpd_can_connect_ldap' boolean. You can read 'httpd_selinux' man
>> page for more details.
>> Do
>> setsebool -P httpd_can_connect_ldap 1
>> ...... (much more information)
>
>
> Hmm - setup-ds-admin.pl is supposed to take care of this
> try running
> setup-ds-admin.pl -u

Running the above command has resolved the issue.

Thanks,
Mike

>
>>
>> Thanks,
>> Mike
>>
>>>>
>>>>>> Thanks,
>>>>>> Mike
>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Mike
>>>>>>>>
>>>>>>>> On Fri, Mar 23, 2012 at 10:42 AM, Rich Megginson <rmeggins@xxxxxxxxxx> wrote:
>>>>>>>>>
>>>>>>>>> On 03/22/2012 10:47 AM, Mike Mercier wrote:
>>>>>>>>>>
>>>>>>>>>> Hi,
>>>>>>>>>>
>>>>>>>>>> Sorry for the delay...
>>>>>>>>>>
>>>>>>>>>> /var/log/dirsrv/admin-serv/access
>>>>>>>>>>
>>>>>>>>>> 127.0.0.1 - cn=Directory Manager [22/Mar/2012:12:43:32 -0400] "GET /admin-serv/authenticate HTTP/1.0" 401 478
>>>>>>>>>>
>>>>>>>>>> /var/log/dirsrv/admin-serv/error
>>>>>>>>>> [Thu Mar 22 12:43:26 2012] [notice] caught SIGTERM, shutting down
>>>>>>>>>> [Thu Mar 22 12:43:27 2012] [notice] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
>>>>>>>>>> [Thu Mar 22 12:43:28 2012] [error] Could not bind as []: ldap error -1: Can't contact LDAP server
>>>>>>>>>> [Thu Mar 22 12:43:28 2012] [error] Could not bind as []: ldap error -1: Can't contact LDAP server
>>>>>>>>>> [Thu Mar 22 12:43:28 2012] [warn] Unable to bind as LocalAdmin to populate LocalAdmin tasks into cache.
>>>>>>>>>> [Thu Mar 22 12:43:28 2012] [notice] Access Host filter is: *
>>>>>>>>>> [Thu Mar 22 12:43:28 2012] [notice] Access Address filter is: *
>>>>>>>>>> [Thu Mar 22 12:43:29 2012] [notice] Apache/2.2.22 (Unix) configured -- resuming normal operations
>>>>>>>>>> [Thu Mar 22 12:43:29 2012] [error] Could not bind as []: ldap error -1: Can't contact LDAP server
>>>>>>>>>> [Thu Mar 22 12:43:29 2012] [error] Could not bind as []: ldap error -1: Can't contact LDAP server
>>>>>>>>>> [Thu Mar 22 12:43:29 2012] [warn] Unable to bind as LocalAdmin to populate LocalAdmin tasks into cache.
>>>>>>>>>> [Thu Mar 22 12:43:29 2012] [notice] Access Host filter is: *
>>>>>>>>>> [Thu Mar 22 12:43:29 2012] [notice] Access Address filter is: *
>>>>>>>>>> [Thu Mar 22 12:43:32 2012] [notice] [client 127.0.0.1] admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
>>>>>>>>>> [Thu Mar 22 12:43:32 2012] [error] Could not bind as []: ldap error -1: Can't contact LDAP server
>>>>>>>>>> [Thu Mar 22 12:43:32 2012] [error] Could not bind as []: ldap error -1: Can't contact LDAP server
>>>>>>>>>> [Thu Mar 22 12:43:32 2012] [notice] [client 127.0.0.1] unable to bind to server [localhost.localdomain:389] as [(anonymous)]
>>>>>>>>>> [Thu Mar 22 12:43:32 2012] [crit] buildUGInfo(): unable to initialize TLS connection to LDAP host localhost.localdomain port 389: 4
>>>>>>>>>
>>>>>>>>> Can you post your /etc/dirsrv/admin-serv/adm.conf?
>>>>>>>>> Have you configured your directory server to use SSL?
>>>>>>>>>
>>>>>>>>>> [Thu Mar 22 12:43:32 2012] [error] [client 127.0.0.1] user cn=Directory Manager not found: /admin-serv/authenticate
>>>>>>>>>>
>>>>>>>>>> NOTE: This is after modifying 'local.conf' with
>>>>>>>>>> configuration.nsadminaccesshosts: *
>>>>>>>>>>
>>>>>>>>>> Thanks,
>>>>>>>>>> Mike
>>>>>>>>>>
>>>>>>>>>> On Fri, Mar 16, 2012 at 5:43 PM, Mark Reynolds <mareynol@xxxxxxxxxx> wrote:
>>>>>>>>>>>
>>>>>>>>>>> Hi Michael,
>>>>>>>>>>>
>>>>>>>>>>> see comments below...
>>>>>>>>>>>
>>>>>>>>>>> On 03/16/2012 02:42 PM, Michael Mercier wrote:
>>>>>>>>>>>
>>>>>>>>>>> Hello,
>>>>>>>>>>>
>>>>>>>>>>> I seem to be having problems using the 389-console GUI.
>>>>>>>>>>>
>>>>>>>>>>> I am entering the following information into each of the fields:
>>>>>>>>>>>
>>>>>>>>>>> User ID: cn=Directory Manager
>>>>>>>>>>> Password: password
>>>>>>>>>>> Administration URL: http://localhost.localdomain:9830
>>>>>>>>>>>
>>>>>>>>>>> It fails with the following error:
>>>>>>>>>>>
>>>>>>>>>>> Cannot logon because of an incorrect User ID,
>>>>>>>>>>> Incorrect password or Directory problem.
>>>>>>>>>>>
>>>>>>>>>>> HttpException:
>>>>>>>>>>> Response: HTTP/1.1 401 Authorization Required
>>>>>>>>>>> Status: 401
>>>>>>>>>>> URL: http://localhost.localdomain:9830/admin-serv/authenticate
>>>>>>>>>>>
>>>>>>>>>>> Do you have a DS access log snippet showing the bind & result?
>>>>>>>>>>>
>>>>>>>>>>> It might not hurt to restart the admin server as well.
>>>>>>>>>>>
>>>>>>>>>>> Thanks,
>>>>>>>>>>> Mark
>>>>>>>>>>>
>>>>>>>>>>> I have also tried with:
>>>>>>>>>>> User ID: admin
>>>>>>>>>>> Password: password
>>>>>>>>>>> Administration URL: http://localhost.localdomain:9830
>>>>>>>>>>>
>>>>>>>>>>> It fails with the following error:
>>>>>>>>>>>
>>>>>>>>>>> Cannot connect to the directory server:
>>>>>>>>>>> netscape.ldap.LDAPException: error result (32): No such object
>>>>>>>>>>>
>>>>>>>>>>> I am able to run searches from the command line:
>>>>>>>>>>>
>>>>>>>>>>> [root@localhost ~]# ldapsearch -x -b o=netscaperoot -D "cn=directory manager" -w password "nsDirectoryURL=*"
>>>>>>>>>>> # extended LDIF
>>>>>>>>>>> #
>>>>>>>>>>> # LDAPv3
>>>>>>>>>>> # base <o=netscaperoot> with scope subtree
>>>>>>>>>>> # filter: nsDirectoryURL=*
>>>>>>>>>>> # requesting: ALL
>>>>>>>>>>> #
>>>>>>>>>>>
>>>>>>>>>>> # UserDirectory, Global Preferences, MyDomain, NetscapeRoot
>>>>>>>>>>> dn: cn=UserDirectory,ou=Global Preferences,ou=MyDomain,o=NetscapeRoot
>>>>>>>>>>> objectClass: top
>>>>>>>>>>> objectClass: nsDirectoryInfo
>>>>>>>>>>> nsDirectoryURL: ldap://localhost.localdomain:389/dc=mpls
>>>>>>>>>>> cn: UserDirectory
>>>>>>>>>>>
>>>>>>>>>>> # search result
>>>>>>>>>>> search: 2
>>>>>>>>>>> result: 0 Success
>>>>>>>>>>>
>>>>>>>>>>> # numResponses: 2
>>>>>>>>>>> # numEntries: 1
>>>>>>>>>>> [root@localhost ~]#
>>>>>>>>>>>
>>>>>>>>>>> If I try to access http://localhost.localdomain:9830 with a web
>>>>>>>>>>> browser, I am shown the "Services for users" page, but when I click on
>>>>>>>>>>> "389 Administration Express" I get the following error:
>>>>>>>>>>>
>>>>>>>>>>> Internal Server Error
>>>>>>>>>>>
>>>>>>>>>>> The server encountered an internal error or misconfiguration and was
>>>>>>>>>>> unable to complete your request.
>>>>>>>>>>>
>>>>>>>>>>> Please contact the server administrator, [no address given] and inform
>>>>>>>>>>> them of the time the error occurred, and anything you might have done
>>>>>>>>>>> that may have caused the error.
>>>>>>>>>>>
>>>>>>>>>>> More information about this error may be available in the server error
>>>>>>>>>>> log.
>>>>>>>>>>> Apache/2.2 Server at localhost.localdomain Port 9830
>>>>>>>>>>>
>>>>>>>>>>> Anyone have any ideas?
>>>>>>>>>>>
>>>>>>>>>>> Thanks,
>>>>>>>>>>> Mike
>>>>>>>>>>>
>>>>>>>>>>> [root@localhost ~]# more /etc/redhat-release
>>>>>>>>>>> Fedora release 16 (Verne)
>>>>>>>>>>> [root@localhost ~]# rpm -qa|grep 389
>>>>>>>>>>> 389-console-1.1.7-1.fc16.noarch
>>>>>>>>>>> 389-ds-console-doc-1.2.6-1.fc16.noarch
>>>>>>>>>>> 389-ds-base-libs-1.2.10.2-1.fc16.x86_64
>>>>>>>>>>> 389-ds-1.2.2-1.fc15.noarch
>>>>>>>>>>> 389-ds-console-1.2.6-1.fc16.noarch
>>>>>>>>>>> 389-admin-1.1.23-1.fc16.x86_64
>>>>>>>>>>> 389-admin-console-doc-1.1.8-2.fc16.noarch
>>>>>>>>>>> 389-admin-console-1.1.8-2.fc16.noarch
>>>>>>>>>>> 389-dsgw-1.1.7-2.fc16.x86_64
>>>>>>>>>>> 389-adminutil-1.1.14-1.fc16.x86_64
>>>>>>>>>>> 389-ds-base-1.2.10.2-1.fc16.x86_64
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> 389 users mailing list
>>>>>>>>>>> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>>>>>>>>>>> https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
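
The failure signature from this thread, as an added example that is not part of any poster's message: a parser for the admin-serv error log that pairs the "Can't contact LDAP server" errors with the LDAP target named in the same second and reports what to check first. The function name `triage`, the `LOCAL_HOSTS` set, and the rule that a local target points at the `httpd_can_connect_ldap` boolean are assumptions drawn from how this thread was resolved.

```python
import re
from collections import Counter

# Constructed sample: the admin-serv error lines quoted in the thread, unwrapped.
SAMPLE = """\
[Tue Mar 27 08:36:31 2012] [notice] [client 127.0.0.1] admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
[Tue Mar 27 08:36:31 2012] [error] Could not bind as []: ldap error -1: Can't contact LDAP server
[Tue Mar 27 08:36:31 2012] [error] Could not bind as []: ldap error -1: Can't contact LDAP server
[Tue Mar 27 08:36:31 2012] [notice] [client 127.0.0.1] unable to bind to server [localhost.localdomain:389] as [(anonymous)]
[Tue Mar 27 08:36:31 2012] [crit] buildUGInfo(): unable to initialize TLS connection to LDAP host localhost.localdomain port 389: 4
[Tue Mar 27 08:36:31 2012] [error] [client 127.0.0.1] user cn=Directory Manager not found: /admin-serv/authenticate
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] (?P<msg>.*)$")
NO_CONTACT = "ldap error -1: Can't contact LDAP server"
TARGET = re.compile(r"unable to bind to server \[([^\]:]+):(\d+)\]")
TLS_INIT = re.compile(r"unable to initialize TLS connection to LDAP host (\S+) port (\d+)")
LOCAL_HOSTS = {"localhost", "localhost.localdomain", "127.0.0.1", "::1"}  # assumption


def triage(log_text):
    """Group LDAP connect failures by target and name the first thing to check."""
    no_contact = Counter()  # timestamp -> "Can't contact" errors seen so far
    findings = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # wrapped or foreign line
        ts, msg = m["ts"], m["msg"]
        if NO_CONTACT in msg:
            no_contact[ts] += 1
        hit = TARGET.search(msg) or TLS_INIT.search(msg)
        if not hit or not no_contact[ts]:
            continue
        host, port = hit.group(1), int(hit.group(2))
        f = findings.setdefault((host, port), {
            "host": host, "port": port,
            "failures": no_contact[ts], "tls_error": False})
        # The TLS message also appeared here although TLS was never configured.
        f["tls_error"] |= bool(TLS_INIT.search(msg))
    for f in findings.values():
        f["local"] = f["host"] in LOCAL_HOSTS
        # Heuristic from this thread: a local listener that answers ldapsearch
        # but not httpd suggests confinement of the httpd process.
        f["check"] = ("getsebool httpd_can_connect_ldap" if f["local"]
                      else "network path and listener on the LDAP host")
    return list(findings.values())
```
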