Touch!
I check the error logs i mentioned before and they go back to October 4th, but they don't indicate to me the change created the problem. My inclination is that some change occurred that change a key. So how do I track that back?
I tested this on my 389 DS server.
ldapsearch [-x] -D "cn=directory manager" -W -b "cn=admin-serv-zigzag,cn=389 Administration Server,cn=Server Group,cn=zigzag.ccbox.com,ou=ccbox.com,o=NetscapeRoot"
The result was:
# search result
search: 2
result: 0 Success
# numResponses: 31
# numEntries: 30
search: 2
result: 0 Success
# numResponses: 31
# numEntries: 30
Then I tested this:
ldapsearch -H ldaps://zigzag.ccbox.com [-x] -D "cn=directory manager" -W "cn=admin-serv-zigzag,cn=389 Administration Server,cn=Server Group,cn=zigzag.ccbox.com,ou=ccbox.com,o=NetscapeRoot"
The result was:
# search result
search: 2
result: 0 Success
# numResponses: 222
# numEntries: 221
search: 2
result: 0 Success
# numResponses: 222
# numEntries: 221
Why do I get the populate error? Does the two tests above provide any indication? I also ran these tests from another linux system and received the same results. The error I am seeing at restarting the Admin server doesn't seem to make sense if I am searching correctly. I think it should have the records it needs to repopulate the server.
Also, I think I found an old admin server backup that was taken before any of these problems surfaced. Anyone have a link that would walk me through the restore process? Is this a good idea?
slapd-zigzag_2015-05-28:
total 10308
drwx------ 4 root root 4096 Jun 11 2015 .
drwxr-x--- 347 root root 20480 Apr 20 00:13 ..
-rw------- 1 root root 49 Jun 11 2015 DBVERSION
-rw------- 1 root root 20577 Jun 11 2015 dse_index.ldif
-rw------- 1 root root 893 Jun 11 2015 dse_instance.ldif
-rw------- 1 root root 10485760 Jun 11 2015 log.0000000001
drwx------ 2 root root 4096 Jun 11 2015 NetscapeRoot
drwx------ 2 root root 4096 Jun 11 2015 userRoot
total 10308
drwx------ 4 root root 4096 Jun 11 2015 .
drwxr-x--- 347 root root 20480 Apr 20 00:13 ..
-rw------- 1 root root 49 Jun 11 2015 DBVERSION
-rw------- 1 root root 20577 Jun 11 2015 dse_index.ldif
-rw------- 1 root root 893 Jun 11 2015 dse_instance.ldif
-rw------- 1 root root 10485760 Jun 11 2015 log.0000000001
drwx------ 2 root root 4096 Jun 11 2015 NetscapeRoot
drwx------ 2 root root 4096 Jun 11 2015 userRoot
My assumption is the NetscapeRoot folder contains fix I need to take me back to before whatever change occurred to the admin server. Is this correct?
[root: NetscapeRoot]# ls -la
total 380
drwx------ 2 root root 4096 Jun 11 2015 .
drwx------ 4 root root 4096 Jun 11 2015 ..
-rw------- 1 root root 16384 Jun 11 2015 aci.db4
-rw------- 1 root root 32768 Jun 11 2015 ancestorid.db4
-rw------- 1 root root 49152 Jun 11 2015 cn.db4
-rw------- 1 root root 49 Jun 11 2015 DBVERSION
-rw------- 1 root root 49152 Jun 11 2015 entryrdn.db4
-rw------- 1 root root 16384 Jun 11 2015 givenName.db4
-rw------- 1 root root 98304 Jun 11 2015 id2entry.db4
-rw------- 1 root root 16384 Jun 11 2015 nsuniqueid.db4
-rw------- 1 root root 16384 Jun 11 2015 numsubordinates.db4
-rw------- 1 root root 16384 Jun 11 2015 objectclass.db4
-rw------- 1 root root 16384 Jun 11 2015 parentid.db4
-rw------- 1 root root 16384 Jun 11 2015 sn.db4
-rw------- 1 root root 16384 Jun 11 2015 uid.db4
-rw------- 1 root root 16384 Jun 11 2015 uniquemember.db4
total 380
drwx------ 2 root root 4096 Jun 11 2015 .
drwx------ 4 root root 4096 Jun 11 2015 ..
-rw------- 1 root root 16384 Jun 11 2015 aci.db4
-rw------- 1 root root 32768 Jun 11 2015 ancestorid.db4
-rw------- 1 root root 49152 Jun 11 2015 cn.db4
-rw------- 1 root root 49 Jun 11 2015 DBVERSION
-rw------- 1 root root 49152 Jun 11 2015 entryrdn.db4
-rw------- 1 root root 16384 Jun 11 2015 givenName.db4
-rw------- 1 root root 98304 Jun 11 2015 id2entry.db4
-rw------- 1 root root 16384 Jun 11 2015 nsuniqueid.db4
-rw------- 1 root root 16384 Jun 11 2015 numsubordinates.db4
-rw------- 1 root root 16384 Jun 11 2015 objectclass.db4
-rw------- 1 root root 16384 Jun 11 2015 parentid.db4
-rw------- 1 root root 16384 Jun 11 2015 sn.db4
-rw------- 1 root root 16384 Jun 11 2015 uid.db4
-rw------- 1 root root 16384 Jun 11 2015 uniquemember.db4
Thanks,
Job Cacka
From: Job Cacka <cacka2it@xxxxxxxxx>
To: "389-users@xxxxxxxxxxxxxxxxxxxxxxx" <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
Sent: Tuesday, April 19, 2016 11:24 AM
Subject: Re: Admin-server connection
I scheduled a reboot of the system during downtime last night. At startup I again got these messages in the error log.
[Tue Apr 19 04:05:37 2016] [crit] populate_tasks_from_server(): Unable to search [cn=admin-serv-zigzag,cn=389 Administration Server,cn=Server Group,cn=zigzag.ccbox.com,ou=ccbox.com,o=NetscapeRoot] for LDAPConnection [zigzag.ccbox.com:636]
We made some changes back in October 2015, but I don't remember what they were for. TLS maybe?
In:
/etc/dirsrv/admin-serv/
we changed:
cert8.db
console.conf
key3.db
local.conf
I am going to check now to see if the errors are related to those changes, if my log files go back far enough.
Any help is appreciated.
Thanks,
Job Cacka
From: Job Cacka <cacka2it@xxxxxxxxx>
To: "389-users@xxxxxxxxxxxxxxxxxxxxxxx" <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
Sent: Monday, April 18, 2016 4:34 PM
Subject: Admin-server connection
Recently, I was researching samba connections, and noticed that the Linux 'Domain Users' group was displaying as the Unix GID number instead of the name. I went to login to the admin-server express from 'https://zigzag.ccbox.com:9830/dist/download' and that page loads but when I click on the link I get.
"
"
Internal Server Error
The server encountered an internal error or
misconfiguration and was unable to complete
your request.
Please contact the server administrator,
[no address given] and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.
More information about this error may be available
in the server error log.
Apache/2.2 Server at zigzag.ccbox.com Port 9830
"
So I went over to the 389 Management Console on my Windows box and I enter cn=Directory Manager the password and https://zigzag.ccbox.com:9830 and I get a message saying the URL is not correct or the server is not running. For kicks and giggles I tried it with http instead of https and it gives an error that says,
"Cannot logon because of an incorrect User ID, Incorrect password, or Directory problem. java.io.InterruptedIOExceptio: HTTP response timeout"
Which indicates to me that the correct protocol should be https:
To further verify this I ran the following command at the Linux CLI on the server and a server that communicates with it.
ldapsearch -H ldaps://zigzag.ccbox.com [-x] -b o=netscaperoot -D "cn=directory manager" -W "objectclass=nsAdminConfig"
This returns 129 responses, but I don't know if they are valid or make sense. They look like they are unique to my system.
ldapsearch -H ldaps://zigzag.ccbox.com [-x] -b o=netscaperoot -D "cn=directory manager" -W "objectclass=nsAdminConfig"
This returns 129 responses, but I don't know if they are valid or make sense. They look like they are unique to my system.
Here is a pastbin of some error logs I noticed after I restarted the admin server with stop-ds-admin and start-ds-admin.
|
Job Cacka
-- 389-users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/lists/389-users@xxxxxxxxxxxxxxxxxxxxxxx
