On 7/18/19 9:05 AM, Mark Reynolds wrote:
On 7/18/19 11:35 AM, Leonard wrote:
After upgrading to the following versions, I cannot login to the
console. I am presented with the error "error result (49): invalid
credentials".
389-admin-1.1.38-1.3.amzn1.x86_64
389-ds-base-libs-1.3.8.4-18.60.amzn1.x86_64
389-adminutil-1.1.21-1.1.amzn1.x86_64
389-ds-base-1.3.8.4-18.60.amzn1.x86_64
I don't remember exactly what the versions were prior.
In the slapd access log, I see the following error associated with
the login attempt "conn=160830 op=0 RESULT err=49 tag=97 nentries=0
etime=0.0026096322 - No suffix for bind dn found"
Can you provide the complete access log clip showing the BIND and the
RESULT lines?
Here's everything associated with the connection.
[18/Jul/2019:15:08:34.131169944 +0000] conn=160830 fd=145 slot=145 SSL
connection from xx.xx.xx.xx to xx.xx.xx.xx
[18/Jul/2019:15:08:34.157152520 +0000] conn=160830 TLS1.2 256-bit AES
[18/Jul/2019:15:08:34.157225415 +0000] conn=160830 op=0 BIND dn="(anon)"
method=128 version=3
[18/Jul/2019:15:08:34.157305053 +0000] conn=160830 op=0 RESULT err=49
tag=97 nentries=0 etime=0.0026096322 - No suffix for bind dn found
What this errors means is that the bind DN provided does not exist.
So we need to see the full log output to see what BIND DN was actually
used.
I am using the username "admin" when logging in. I am however able to
bind successfully as "uid=admin, ou=Administrators,
ou=TopologyManagement, o=NetscapeRoot" when using ldapsearch, etc on
the same host as running the console.
SSLv2/3 are disabled and only TLS 1.2 is enabled on the server.
adm.conf has:
sslVersionMax: TLS1.2
sslVersionMin: TLS1.2
ssl bits from console.conf:
NSSNickname Admin-Console
NSSCipherSuite
+rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha
NSSProtocol TLSv1.2
NSSVerifyClient none
NSSPassPhraseDialog file:/etc/dirsrv/admin-serv/pin.txt
certutil:
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
Server-Cert u,u,u
CA Certificate CTu,u,u
Admin-Console u,u,u
So far I've tried running setup-ds-admin.pl -u, deleting my .389
directory, and changing the password of "uid=admin,
ou=Administrators, ou=TopologyManagement, o=NetscapeRoot"
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
