On Thu, 15 Mar 2018 16:25:41 -0400, Mark Reynolds <mreynolds@xxxxxxxxxx> wrote:

> On 03/15/2018 04:11 PM, Julian Kippels wrote:
> > On Thu, 15 Mar 2018 12:00:06 -0400,
> > Mark Reynolds <mreynolds@xxxxxxxxxx> wrote:
> >
> >> On 03/15/2018 11:36 AM, Julian Kippels wrote:
> >>> Hi,
> >>>
> >>> since the last update (using RHEL 7, updated from
> >>> 389-ds-1.3.6.1-21 to 389-ds-1.3.6.1-28) I cannot login as user
> >>> admin in the administration console anymore.
> >>>
> >>> Looking at the logs I see this error message popping up every
> >>> time I try to log in since then:
> >>>
> >>> [Thu Mar 15 13:09:35.046721 2018] [:crit] [pid 12027:tid 140250663868160] buildUGInfo(): unable to initialize TLS connection to LDAP host ldap-master.rz.uni-duesseldorf.de port 389: 4
> >>>
> >>> What I find confusing, nowhere have I ever configured any
> >>> encrypted connections, because the whole setup is tucked away in
> >>> a private vlan with no access to the internet. How come the admin
> >>> server suddenly wants to use TLS? And how can I disable this and
> >>> get back the old behaviour?
> >> This is odd since you did not update the admin server (in fact
> >> there have not been any admin server updates in some time).
> >>
> >> What error is the console login page reporting?
> > "Cannot connect to the directory server:
> > netscape.ldap.LDAPException: error result (49): Invalid
> > credentials"
> Okay, so the problem appears that you are not providing a bind DN in
> the console login page. What user ID are you using to log into the
> console?
>
> [15/Mar/2018:13:09:35.051526124 +0100] conn=286293 op=0 BIND dn="(anon)" method=128 version=3
> [15/Mar/2018:13:09:35.051658717 +0100] conn=286293 op=0 RESULT err=49 tag=97 nentries=0 etime=0 - No suffix for bind dn found
>
>
> Or you might be using a "user" name, like "admin", and not a DN
> (uid=admin,...,o=netscaperoot) and it's not finding the user. You did
> not provide enough of the access log to confirm.
>

I am using the username "admin". This has worked before. I had to
heavily truncate the access log, because it is my main production
machine. The setup in my test lab did not break in this way and there I
can login using "admin". However, those three lines of access log are
the only ones I can identify belonging to the admin-server login
procedure. What else should I look for?

> What if you try to log in as "cn=directory manager", does it work?

No, this doesn't work either. I get another error message from the
console:

"Cannot logon because of an incorrect User ID. Incorrect password or
Directory problem. HttpException: Response: HTTP/1.1 401 Unauthorized
Status: 401 URL:
http://ldap-master.rz.uni-duesseldorf.de:9830/admin-serv/authenticate"

Directory access log gives the same output as before, again with
dn="(anon)"

Directory error log remains empty

Admin Server access log says:

192.168.25.114 - cn=directory manager [16/Mar/2018:10:23:33 +0100] "GET /admin-serv/authenticate HTTP/1.0" 401 470

Admin Server error log says:

[Fri Mar 16 10:23:33.977051 2018] [:error] [pid 11147:tid 139866994099968] Could not bind as [cn=directory manager]: ldap error -1: Can't contact LDAP server
[Fri Mar 16 10:23:33.977908 2018] [:error] [pid 11147:tid 139866994099968] Could not bind as [cn=directory manager]: ldap error -1: Can't contact LDAP server
[Fri Mar 16 10:23:33.979140 2018] [:crit] [pid 11147:tid 139866994099968] buildUGInfo(): unable to initialize TLS connection to LDAP host ldap-master.rz.uni-duesseldorf.de port 389: 4
[Fri Mar 16 10:23:33.979205 2018] [auth_basic:error] [pid 11147:tid 139866994099968] [client 192.168.25.114:34904] AH01618: user cn=directory manager not found: /admin-serv/authenticate

Output from 389-console -D 9 with user "cn=directory manager":

389-Management-Console/1.1.17 B2017.257.1933
CommManager> New CommRecord (http://ldap-master.rz.uni-duesseldorf.de:9830/admin-serv/authenticate)
http://ldap-master.rz.uni-duesseldorf.de:9830/[0:0] open> Ready
http://ldap-master.rz.uni-duesseldorf.de:9830/[0:0] accept> http://ldap-master.rz.uni-duesseldorf.de:9830/admin-serv/authenticate
http://ldap-master.rz.uni-duesseldorf.de:9830/[0:0] send> GET \
http://ldap-master.rz.uni-duesseldorf.de:9830/[0:0] send> /admin-serv/authenticate \
http://ldap-master.rz.uni-duesseldorf.de:9830/[0:0] send> HTTP/1.0
http://ldap-master.rz.uni-duesseldorf.de:9830/[0:0] send> Host: ldap-master.rz.uni-duesseldorf.de:9830
http://ldap-master.rz.uni-duesseldorf.de:9830/[0:0] send> Connection: Keep-Alive
http://ldap-master.rz.uni-duesseldorf.de:9830/[0:0] send> User-Agent: 389-Management-Console/1.1.17
http://ldap-master.rz.uni-duesseldorf.de:9830/[0:0] send> Accept-Language: en
http://ldap-master.rz.uni-duesseldorf.de:9830/[0:0] send> Authorization: Basic \
http://ldap-master.rz.uni-duesseldorf.de:9830/[0:0] send> Y249ZGlyZWN0b3J5IG1hbmFnZXI6RFYsciI4YDFHUStKTE8maCNxMllyeUFfSV9dNih5WEQ= \
http://ldap-master.rz.uni-duesseldorf.de:9830/[0:0] send>
http://ldap-master.rz.uni-duesseldorf.de:9830/[0:0] send>
http://ldap-master.rz.uni-duesseldorf.de:9830/[0:0] recv> HTTP/1.1 401 Unauthorized
http://ldap-master.rz.uni-duesseldorf.de:9830/[0:0] error> HttpException: Response: HTTP/1.1 401 Unauthorized Status: 401 URL: http://ldap-master.rz.uni-duesseldorf.de:9830/admin-serv/authenticate
http://ldap-master.rz.uni-duesseldorf.de:9830/[0:0] close> Closed

The exact same thing happens, by the way, when I use
uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot as the
username.

Regards
Julian
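
Added example (not part of the original thread and not 389 Directory Server code): one way to pair BIND and RESULT lines in the directory access log by conn/op, so that failed binds such as the err=49 exchange quoted above stand out even in a truncated excerpt. The first two sample lines are the ones quoted in the thread, the other three are constructed, and treating an empty dn like the thread's "(anon)" is an assumption.

```python
import re

# The first two lines are quoted from the thread; the last three are constructed.
SAMPLE_LOG = """\
[15/Mar/2018:13:09:35.051526124 +0100] conn=286293 op=0 BIND dn="(anon)" method=128 version=3
[15/Mar/2018:13:09:35.051658717 +0100] conn=286293 op=0 RESULT err=49 tag=97 nentries=0 etime=0 - No suffix for bind dn found
[15/Mar/2018:13:10:02.000000001 +0100] conn=286301 op=0 BIND dn="uid=example,ou=people,dc=example,dc=com" method=128 version=3
[15/Mar/2018:13:10:02.000000002 +0100] conn=286301 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=example,ou=people,dc=example,dc=com"
[15/Mar/2018:13:10:05.000000001 +0100] conn=286302 op=0 BIND dn="uid=example,ou=people,dc=example,dc=com" method=128 version=3
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=(?P<op>-?\d+) (?P<rest>.*)$")
BIND = re.compile(r'^BIND dn="(?P<dn>[^"]*)" method=(?P<method>\S+)')
RESULT = re.compile(r"^RESULT err=(?P<err>-?\d+) tag=(?P<tag>\d+)(?P<tail>.*)$")
BIND_RESPONSE_TAG = "97"  # LDAP BindResponse, as in the RESULT line quoted in the thread


def correlate_binds(log_text):
    """Return (failures, unanswered): failed binds, and BINDs with no RESULT in the excerpt."""
    pending, failures = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped continuation or unrelated line
        key = (m["conn"], m["op"])
        bind = BIND.match(m["rest"])
        if bind:
            pending[key] = {"ts": m["ts"], "conn": m["conn"], "dn": bind["dn"]}
            continue
        res = RESULT.match(m["rest"])
        if res and res["tag"] == BIND_RESPONSE_TAG and key in pending:
            entry = pending.pop(key)
            if int(res["err"]) != 0:
                entry["err"] = int(res["err"])
                # Text after " - " is the server's explanation, when present.
                entry["detail"] = res["tail"].partition(" - ")[2].strip()
                # Assumption: an empty dn or the thread's "(anon)" means no bind DN was sent.
                entry["no_bind_dn"] = entry["dn"] in ("", "(anon)")
                failures.append(entry)
    return failures, list(pending.values())


if __name__ == "__main__":
    failed, unanswered = correlate_binds(SAMPLE_LOG)
    for f in failed:
        print(f["ts"], "conn=" + f["conn"], "err=%d" % f["err"], repr(f["dn"]), f["detail"])
    print("BINDs without a RESULT in this excerpt:", len(unanswered))
```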