Reply-to: "General discussion list for the 389 Directory server project." <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.3) Gecko/20120307 Thunderbird/10.0.3
Hi Herb,
I wanted to see the logs from the server that wasn't working.
According to these logs everything is fine. So, you can log into
the console for master A, but not master B. Most likely there is no
configuration instance/admin server setup. There are a few
options. One, you could register master B in the Master A
console(using Create New Administration Domain feature), and just
use that console to manage both servers. Two, setup a new config
instance on the master B machine, and use a separate console.
Option one is definitely the best option. You can still use the
console GUI on master B if you want to, but point it to the master A
in the administration URL.
Here are some links to some useful document on on this:
Do you know which server is hosting the config data for
the console(o=netscaperoot)? If you do, please provide
the access log output showing the "cn=directory manager"
and "admin" binds? It might not hurt to restart the admin
server.
Thanks,
Mark
On 04/23/2012 04:06 PM, Herb Burnswell wrote:
Hi All,
After re-initialization of a dual master server I
now cannot log into the directory management console
as cn=Directory Manager. I receive the error:
Cannot logon because of an incorrect user id,
incorrect password, or Directory problem.
httpException:
Resoponse: HTTP/1.1 401 Unauthorized
Status: 401
URL: http://url/admin-serv/authenticate
I know the password is correct as I can drop into an
ldapmodify session with ./ldapmodify -D
"cn=Directory Manager" -w <passwd> without
error.
I've seen a few inquiries about this issue around
the web but nothing to resolve the issue. I see the
following in /opt/fedora-ds/admin-serv/logs/error:
security (27749): for host <hostname> trying
to GET /admin-serv/authenticate, basic-ncsa reports:
user cn=Directory Manager does not exist in pwfile
/opt/fedora-ds/admin-serv/config/admpw
It is correct that there is not a line for
cn=Directory Manager in admpw, but it is not located
in the admpw file on the other dual master and I can
log into its management console as cn=Directory
Manager without error. They both just contain a
line for user 'admin'.
When I try to log in as 'admin' (works fine on other
dual master) I receive:
cannot connect to the directory server:
netscape.ldap.LDAPException: error result (32)
matchedDN = ou =<domain>,o=netscaperoot; no
such object
Is there something else that I need to do after
re-initialization? Any guidance is greatly
appreciated.