Re: Unable to login to admin console after upgrade

Mark Reynolds <mreynolds@xxxxxxxxxx> · Thu, 18 Jul 2019 12:05:16 -0400

On 7/18/19 11:35 AM, Leonard wrote:
After upgrading to the following versions, I cannot login to the console. I am presented with the error "error result (49): invalid credentials".

389-admin-1.1.38-1.3.amzn1.x86_64
389-ds-base-libs-1.3.8.4-18.60.amzn1.x86_64
389-adminutil-1.1.21-1.1.amzn1.x86_64
389-ds-base-1.3.8.4-18.60.amzn1.x86_64

I don't remember exactly what the versions were prior.

In the slapd access log, I see the following error associated with the login attempt "conn=160830 op=0 RESULT err=49 tag=97 nentries=0 etime=0.0026096322 - No suffix for bind dn found"

Can you provide the complete access log clip showing the BIND and the 
RESULT lines?

What this errors means is that the bind DN provided does not exist.  So 
we need to see the full log output to see what BIND DN was actually used.

I am using the username "admin" when logging in. I am however able to bind successfully as "uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot" when using ldapsearch, etc on the same host as running the console.

SSLv2/3 are disabled and only TLS 1.2 is enabled on the server.

adm.conf has:

sslVersionMax: TLS1.2
sslVersionMin: TLS1.2

ssl bits from console.conf:

NSSNickname Admin-Console
NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha
NSSProtocol TLSv1.2
NSSVerifyClient none
NSSPassPhraseDialog file:/etc/dirsrv/admin-serv/pin.txt

certutil:
Certificate Nickname                                         Trust Attributes
                                                              SSL,S/MIME,JAR/XPI

Server-Cert                                                  u,u,u
CA Certificate                                               CTu,u,u
Admin-Console                                                u,u,u

So far I've tried running setup-ds-admin.pl -u, deleting my .389 directory, and changing the password of "uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot"
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx

--

389 Directory Server Development Team
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx