On Thu, 2006-11-02 at 12:56 -0500, Rob Crittenden wrote: I don't think that the password thing is necessarily a problem depending
on how mod_nss is configured. I'm more curious what is logged on the LDAP side. Is the admin server attempting to open a connection? If so, how is it failing? rob
The admin server is attempting to open a connection. From the access log: --- [02/Nov/2006:14:20:02 -0500] conn=5 fd=64 slot=64 SSL connection from 192.168.55.1 to 192.168.55.1 [02/Nov/2006:14:20:02 -0500] conn=5 SSL 128-bit RC4 [02/Nov/2006:14:20:02 -0500] conn=5 op=0 BIND dn="cn=admin-serv-ldap, cn=Fedora Administration Server, cn=Server Group, cn=ldap.example.net, ou=example.net, o=NetscapeRoot" method=128 version=2 [02/Nov/2006:14:20:02 -0500] conn=5 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="" [02/Nov/2006:14:20:02 -0500] conn=5 op=1 SRCH base="cn=configuration, cn=admin-serv-ldap, cn=Fedora Administration Server, cn=Server Group, cn=ldap.example.net, ou=example.net, o=NetscapeRoot" scope=0 filter="(objectClass=nsDirectoryInfo)" attrs=ALL [02/Nov/2006:14:20:02 -0500] conn=5 op=1 RESULT err=0 tag=101 nentries=0 etime=0 [02/Nov/2006:14:20:02 -0500] conn=5 op=2 UNBIND [02/Nov/2006:14:20:02 -0500] conn=5 op=2 fd=64 closed - U1 --- I ran the same query manually and this is successful: --- [02/Nov/2006:14:22:55 -0500] conn=7 fd=64 slot=64 SSL connection from 192.168.55.1 to 192.168.55.1 [02/Nov/2006:14:22:55 -0500] conn=7 SSL 128-bit RC4 [02/Nov/2006:14:22:55 -0500] conn=7 op=0 BIND dn="cn=admin-serv-ldap, cn=Fedora Administration Server, cn=Server Group, cn=ldap.example.net, ou=example.net, o=NetscapeRoot" method=128 version=3 [02/Nov/2006:14:22:55 -0500] conn=7 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=admin-serv-ldap,cn=fedora administration server,cn=server group,cn=ldap.example.net,ou=example.net,o=netscaperoot" [02/Nov/2006:14:22:55 -0500] conn=7 op=1 SRCH base="cn=configuration, cn=admin-serv-ldap, cn=Fedora Administration Server, cn=Server Group, cn=ldap.example.net, ou=example.net, o=NetscapeRoot" scope=0 filter="(objectClass=nsDirectoryInfo)" attrs=ALL [02/Nov/2006:14:22:55 -0500] conn=7 op=1 RESULT err=0 tag=101 nentries=1 etime=0 [02/Nov/2006:14:22:55 -0500] conn=7 op=2 UNBIND [02/Nov/2006:14:22:55 -0500] conn=7 op=2 fd=64 closed - U1 --- I notice 2 differences. The BIND is using version 2 when trying to start the admin server. That shouldn't matter. The problem seems to be with the BIND'ing. When trying to start the admin server, the RESULT to the BIND contains an empty dn. When run manually, the dn is correct. It seems like it is not authenticating properly with FDS 1.0.3. -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
