> On Jan 5, 2016, at 10:57, Noriko Hosoi <nhosoi@xxxxxxxxxx> wrote:
>
> Could you also tell us the version of the 389-admin and adminutil?
> rpm -q 389-admin 389-adminutil

```
Installed Packages
389-admin.x86_64 1.1.38-1.el7 @epel
389-adminutil.x86_64 1.1.21-2.el7 @epel
389-ds-base.x86_64 1.3.4.0-21.el7_2 @updates
389-ds-base-libs.x86_64 1.3.4.0-21.el7_2 @updates
```

> On Jan 5, 2016, at 07:30, Rich Megginson <rmeggins@xxxxxxxxxx> wrote:
>
> OK. So it is possible that the problem is that we don't clearly document how to blow everything away and start over from scratch. The setup-ds-admin.pl --force is supposed to do that, but perhaps it has a bug.

Honestly, I hadn’t looked. I just figured if I were going to blow away an installation I mostly didn’t care about anyway, I may as well do a thorough job of it... ;-)

> Does it work if you enable anonymous access and/or disable secure binds?

```
root# ldapmodify blah blah blah <<EOMODIFY
dn: cn=config
changetype: modify
replace: nsslapd-allow-anonymous-access
nsslapd-allow-anonymous-access: on
EOMODIFY
root# systemctl restart dirsrv@${instance}
```

Click the “StartConfigDS” button on the web page and get the same error.
I get nothing out of slapd-${instance}/errors log file, and this out of the slapd-${instance}/access log:

```
[05/Jan/2016:19:31:07 -0800] conn=1 fd=64 slot=64 SSL connection from ${correct_ip} to ${correct_ip}
[05/Jan/2016:19:31:08 -0800] conn=1 TLS1.2 256-bit AES
[05/Jan/2016:19:31:08 -0800] conn=1 op=0 BIND dn="cn=admin-serv-$(hostname -s),cn=389 Administration Server,cn=Server Group,cn=$(hostname -f),ou=$(hostname -d),o=NetscapeRoot" method=128 version=3
[05/Jan/2016:19:31:08 -0800] conn=1 op=0 RESULT err=53 tag=97 nentries=0 etime=1
[05/Jan/2016:19:31:08 -0800] conn=1 op=1 SRCH base="cn=configuration,cn=admin-serv-$(hostname -s),cn=389 Administration Server,cn=Server Group,cn=$(hostname -f),ou=$(hostname -d),o=NetscapeRoot" scope=0 filter="(objectClass=nsDirectoryInfo)" attrs=ALL
[05/Jan/2016:19:31:08 -0800] conn=1 op=1 RESULT err=0 tag=101 nentries=0 etime=0
[05/Jan/2016:19:31:08 -0800] conn=1 op=2 UNBIND
[05/Jan/2016:19:31:08 -0800] conn=1 op=2 fd=64 closed - U1
[05/Jan/2016:19:31:08 -0800] conn=2 fd=65 slot=65 SSL connection from ${correct_ip} to ${correct_ip}
[05/Jan/2016:19:31:08 -0800] conn=2 TLS1.2 256-bit AES
[05/Jan/2016:19:31:08 -0800] conn=2 op=0 BIND dn="cn=admin-serv-$(hostname -s),cn=389 Administration Server,cn=Server Group,cn=$(hostname -f),ou=$(hostname -d),o=NetscapeRoot" method=128 version=3
[05/Jan/2016:19:31:08 -0800] conn=2 op=0 RESULT err=53 tag=97 nentries=0 etime=0
[05/Jan/2016:19:31:08 -0800] conn=2 op=1 SRCH base="cn=configuration,cn=admin-serv-$(hostname -s),cn=389 Administration Server,cn=Server Group,cn=$(hostname -f),ou=$(hostname -d),o=NetscapeRoot" scope=0 filter="(objectClass=nsDirectoryInfo)" attrs=ALL
[05/Jan/2016:19:31:08 -0800] conn=2 op=1 RESULT err=0 tag=101 nentries=0 etime=0
[05/Jan/2016:19:31:08 -0800] conn=2 op=2 UNBIND
[05/Jan/2016:19:31:08 -0800] conn=2 op=2 fd=65 closed - U1
```

RESULT err=53 is LDAP_UNWILLING_TO_PERFORM on the BIND[1]?
But it still accepts and runs (err=0) the SRCH, returning an empty result (nentries=0)?

The secure connection portion seems fine to me, but I can try un-setting that if someone thinks it will advance the troubleshooting.

Thanks!

David

[1]: http://wiki.servicenow.com/index.php?title=LDAP_Error_Codes

--
David - Offbeat dafydd - Online http://pgp.mit.edu/
----5----1----5----2----5----3----5----4----5----5----5----6----5----7--
Pavlov walks into a bar. The phone rings and he says, "Damn! I forgot to feed the dog!"
-- 389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/389-users@xxxxxxxxxxxxxxxxxxxxxxx
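
The pattern in the access log above (a BIND answered with err=53, then a SRCH on the same connection answered with err=0) can be picked out mechanically. The following Python is an added example, not part of the original message or of the 389 project's code: it pairs each request with its RESULT by conn/op and lists operations that ran after a failed BIND, which RFC 4511 says leaves the session anonymous. The sample log is constructed (DNs shortened, documentation IP address), and the function name is an assumption.

```python
import re
# Constructed sample in the access-log format quoted in the post (DNs shortened).
SAMPLE_LOG = """\
[05/Jan/2016:19:31:07 -0800] conn=1 fd=64 slot=64 SSL connection from 192.0.2.10 to 192.0.2.10
[05/Jan/2016:19:31:08 -0800] conn=1 op=0 BIND dn="cn=admin-serv-host,o=NetscapeRoot" method=128 version=3
[05/Jan/2016:19:31:08 -0800] conn=1 op=0 RESULT err=53 tag=97 nentries=0 etime=1
[05/Jan/2016:19:31:08 -0800] conn=1 op=1 SRCH base="cn=configuration,o=NetscapeRoot" scope=0 filter="(objectClass=nsDirectoryInfo)" attrs=ALL
[05/Jan/2016:19:31:08 -0800] conn=1 op=1 RESULT err=0 tag=101 nentries=0 etime=0
[05/Jan/2016:19:31:08 -0800] conn=1 op=2 UNBIND
[05/Jan/2016:19:31:08 -0800] conn=1 op=2 fd=64 closed - U1
[05/Jan/2016:19:31:09 -0800] conn=2 op=0 BIND dn="cn=directory manager" method=128 version=3
[05/Jan/2016:19:31:09 -0800] conn=2 op=0 RESULT err=0 tag=97 nentries=0 etime=0
[05/Jan/2016:19:31:09 -0800] conn=2 op=1 SRCH base="o=NetscapeRoot" scope=2 filter="(objectClass=*)" attrs=ALL
[05/Jan/2016:19:31:09 -0800] conn=2 op=1 RESULT err=0 tag=101 nentries=3 etime=0
"""

# Request and RESULT lines carry conn=, op= and an upper-case verb.
LINE = re.compile(r"^\[[^\]]+\] conn=(\d+) op=(\d+) ([A-Z]+)\b(.*)$")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def ops_after_failed_bind(log_text):
    """List operations that ran on a connection whose latest BIND failed."""
    ops, order = {}, []                 # (conn, op) -> request + result fields
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue                    # connect/TLS/close lines: no request verb
        key, verb = (int(m[1]), int(m[2])), m[3]
        fields = {k: v.strip('"') for k, v in FIELD.findall(m[4])}
        if verb == "RESULT":
            ops.setdefault(key, {}).update(err=int(fields["err"]),
                                           nentries=int(fields.get("nentries", 0)))
        else:
            ops.setdefault(key, {}).update(fields, verb=verb)
            order.append(key)
    failed, findings = {}, []           # conn -> err of its latest BIND
    for conn, op in order:
        rec = ops[(conn, op)]
        if rec["verb"] == "BIND":
            failed[conn] = rec.get("err")   # 0 clears; non-zero = still anonymous
        elif rec["verb"] != "UNBIND" and failed.get(conn):
            findings.append((conn, op, rec["verb"], failed[conn],
                             rec.get("err"), rec.get("nentries")))
    return findings

if __name__ == "__main__":
    for f in ops_after_failed_bind(SAMPLE_LOG):
        print("conn=%d op=%d %s after BIND err=%d -> err=%s nentries=%s" % f)
```

Each tuple is (conn, op, verb, BIND err, operation err, nentries), so a search that succeeds with zero entries after a rejected BIND stands out from one that ran under a successful bind.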